OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.
References
Link | Resource |
---|---|
http://www.unimo.co.jp/table_notice/index.php?act=1&resid=1666831567-004418 | Vendor Advisory |
https://jvn.jp/en/vu/JVNVU94514762/index.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Information
Published : 2022-12-06 20:15
Updated : 2022-12-09 13:18
NVD link : CVE-2022-44606
Mitre link : CVE-2022-44606
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
unimo
- udr-ja1604_firmware
- udr-ja1616
- udr-ja1604
- udr-ja1616_firmware
- udr-ja1608_firmware
- udr-ja1608