Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability found for hg6 by tenda
VAR-202206-0251
Vulnerability from variot - Updated: 2024-11-23 21:58Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request. Shenzhen Tenda Technology Co.,Ltd. of hg6 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker could exploit this vulnerability to cause arbitrary command execution. HG6 provides 4 LAN ports(1GE,3FE),a voice port to meet users' requirements for enjoying the Internet,HD IPTV and VoIP multi-service applications.The application suffers from an authenticated OS command injectionvulnerability. This can be exploited to inject and execute arbitraryshell commands through the 'pingAddr' and 'traceAddr' HTTP POST parametersin formPing, formPing6, formTracert and formTracert6 interfaces.Tested on: Boa/0.93.15
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0251",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6",
"scope": "eq",
"trust": 1.6,
"vendor": "tenda",
"version": "3.3.0-210926"
},
{
"model": "hg6",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "hg6",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "hg6",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "hg6 firmware 3.3.0-210926"
},
{
"model": "hg6 v",
"scope": "eq",
"trust": 0.1,
"vendor": "tenda",
"version": "firmware version: 3.3.0-210926"
},
{
"model": "hg6 v",
"scope": "eq",
"trust": 0.1,
"vendor": "tenda",
"version": "software version: v1.1.0"
},
{
"model": "hg6 v",
"scope": "eq",
"trust": 0.1,
"vendor": "tenda",
"version": "hardware version: v1.0"
},
{
"model": "hg6 v",
"scope": "eq",
"trust": 0.1,
"vendor": "tenda",
"version": "check version: td_hg6_xpon_tde_isp"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2022-5706"
},
{
"db": "CNVD",
"id": "CNVD-2022-46164"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010486"
},
{
"db": "NVD",
"id": "CVE-2022-30425"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2022-5706"
}
],
"trust": 0.1
},
"cve": "CVE-2022-30425",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2022-30425",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2022-46164",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-30425",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-30425",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-30425",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-30425",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-46164",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-249",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2022-5706",
"trust": 0.1,
"value": "(4/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2022-5706"
},
{
"db": "CNVD",
"id": "CNVD-2022-46164"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010486"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-249"
},
{
"db": "NVD",
"id": "CVE-2022-30425"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request. Shenzhen Tenda Technology Co.,Ltd. of hg6 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker could exploit this vulnerability to cause arbitrary command execution. HG6 provides 4 LAN ports(1*GE,3*FE),a voice port to meet users\u0027 requirements for enjoying the Internet,HD IPTV and VoIP multi-service applications.The application suffers from an authenticated OS command injectionvulnerability. This can be exploited to inject and execute arbitraryshell commands through the \u0027pingAddr\u0027 and \u0027traceAddr\u0027 HTTP POST parametersin formPing, formPing6, formTracert and formTracert6 interfaces.Tested on: Boa/0.93.15",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-30425"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010486"
},
{
"db": "CNVD",
"id": "CNVD-2022-46164"
},
{
"db": "ZSL",
"id": "ZSL-2022-5706"
},
{
"db": "VULMON",
"id": "CVE-2022-30425"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/tenda_hg6_cmdinj.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2022-5706"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-30425",
"trust": 4.0
},
{
"db": "ZSL",
"id": "ZSL-2022-5706",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010486",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-46164",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-249",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166932",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2022050009",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "50916",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-30425",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2022-5706"
},
{
"db": "CNVD",
"id": "CNVD-2022-46164"
},
{
"db": "VULMON",
"id": "CVE-2022-30425"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010486"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-249"
},
{
"db": "NVD",
"id": "CVE-2022-30425"
}
]
},
"id": "VAR-202206-0251",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46164"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46164"
}
]
},
"last_update_date": "2024-11-23T21:58:20.164000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Tenda HG6 Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/336476"
},
{
"title": "Tenda HG6 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195732"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46164"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-249"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010486"
},
{
"db": "NVD",
"id": "CVE-2022-30425"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.zeroscience.mk/en/vulnerabilities/zsl-2022-5706.php"
},
{
"trust": 2.5,
"url": "https://www.tendacn.com/"
},
{
"trust": 2.5,
"url": "https://www.tendacn.com/product/hg6.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30425"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-30425/"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/166932/tenda-hg6-3.3.0-remote-command-injection.html"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2022050009"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225715"
},
{
"trust": 0.1,
"url": "https://sploitus.com/exploit?id=zsl-2022-5706"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/50916"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2022-30425"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2022-5706"
},
{
"db": "CNVD",
"id": "CNVD-2022-46164"
},
{
"db": "VULMON",
"id": "CVE-2022-30425"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010486"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-249"
},
{
"db": "NVD",
"id": "CVE-2022-30425"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2022-5706"
},
{
"db": "CNVD",
"id": "CNVD-2022-46164"
},
{
"db": "VULMON",
"id": "CVE-2022-30425"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010486"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-249"
},
{
"db": "NVD",
"id": "CVE-2022-30425"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-03T00:00:00",
"db": "ZSL",
"id": "ZSL-2022-5706"
},
{
"date": "2022-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-46164"
},
{
"date": "2022-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-30425"
},
{
"date": "2023-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010486"
},
{
"date": "2022-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-249"
},
{
"date": "2022-06-02T14:15:52.903000",
"db": "NVD",
"id": "CVE-2022-30425"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-29T00:00:00",
"db": "ZSL",
"id": "ZSL-2022-5706"
},
{
"date": "2022-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-46164"
},
{
"date": "2022-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-30425"
},
{
"date": "2023-08-15T08:10:00",
"db": "JVNDB",
"id": "JVNDB-2022-010486"
},
{
"date": "2022-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-249"
},
{
"date": "2024-11-21T07:02:44.893000",
"db": "NVD",
"id": "CVE-2022-30425"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-249"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0hg6\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010486"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-249"
}
],
"trust": 0.6
}
}