Search criteria
78 vulnerabilities found for r1510 by robustel
VAR-202210-1055
Vulnerability from variot - Updated: 2024-08-14 15:37An OS command injection vulnerability exists in the js_package install functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1055",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.1.16"
},
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.1.16"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019867"
},
{
"db": "NVD",
"id": "CVE-2022-33150"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1030"
}
],
"trust": 0.6
},
"cve": "CVE-2022-33150",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2022-33150",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33150",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-33150",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-33150",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33150",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-33150",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1030",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019867"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1030"
},
{
"db": "NVD",
"id": "CVE-2022-33150"
},
{
"db": "NVD",
"id": "CVE-2022-33150"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An OS command injection vulnerability exists in the js_package install functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33150"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019867"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33150",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2022-1577",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019867",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1030",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019867"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1030"
},
{
"db": "NVD",
"id": "CVE-2022-33150"
}
]
},
"id": "VAR-202210-1055",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T15:37:20.670000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Robustel R1510 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=210769"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1030"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019867"
},
{
"db": "NVD",
"id": "CVE-2022-33150"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1577"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33150"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-33150/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019867"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1030"
},
{
"db": "NVD",
"id": "CVE-2022-33150"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019867"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1030"
},
{
"db": "NVD",
"id": "CVE-2022-33150"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019867"
},
{
"date": "2022-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1030"
},
{
"date": "2022-10-25T17:15:52.780000",
"db": "NVD",
"id": "CVE-2022-33150"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-019867"
},
{
"date": "2022-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1030"
},
{
"date": "2022-10-26T16:09:36.600000",
"db": "NVD",
"id": "CVE-2022-33150"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1030"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019867"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1030"
}
],
"trust": 0.6
}
}
VAR-202210-1017
Vulnerability from variot - Updated: 2024-08-14 15:27An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1017",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.1.16"
},
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.1.16"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019872"
},
{
"db": "NVD",
"id": "CVE-2022-32765"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1028"
}
],
"trust": 0.6
},
"cve": "CVE-2022-32765",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2022-32765",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-32765",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-32765",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-32765",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-32765",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-32765",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1028",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019872"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1028"
},
{
"db": "NVD",
"id": "CVE-2022-32765"
},
{
"db": "NVD",
"id": "CVE-2022-32765"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32765"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019872"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32765",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2022-1576",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019872",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1028",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019872"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1028"
},
{
"db": "NVD",
"id": "CVE-2022-32765"
}
]
},
"id": "VAR-202210-1017",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T15:27:03.959000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Robustel R1510 Repair measures for operating system command injection vulnerability in operating system",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=243849"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1028"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019872"
},
{
"db": "NVD",
"id": "CVE-2022-32765"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1576"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32765"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32765/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019872"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1028"
},
{
"db": "NVD",
"id": "CVE-2022-32765"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019872"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1028"
},
{
"db": "NVD",
"id": "CVE-2022-32765"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019872"
},
{
"date": "2022-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1028"
},
{
"date": "2022-10-25T17:15:52.583000",
"db": "NVD",
"id": "CVE-2022-32765"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-019872"
},
{
"date": "2023-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1028"
},
{
"date": "2023-06-29T15:18:41.027000",
"db": "NVD",
"id": "CVE-2022-32765"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1028"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019872"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1028"
}
],
"trust": 0.6
}
}
VAR-202210-1018
Vulnerability from variot - Updated: 2024-08-14 14:55A directory traversal vulnerability exists in the web_server /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. robustel of r1510 A path traversal vulnerability exists in firmware.Information is tampered with and service operation is interrupted (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1018",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.1.16"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.1.16"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019854"
},
{
"db": "NVD",
"id": "CVE-2022-33897"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1026"
}
],
"trust": 0.6
},
"cve": "CVE-2022-33897",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2022-33897",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33897",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-33897",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-33897",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33897",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-33897",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1026",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019854"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1026"
},
{
"db": "NVD",
"id": "CVE-2022-33897"
},
{
"db": "NVD",
"id": "CVE-2022-33897"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A directory traversal vulnerability exists in the web_server /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. robustel of r1510 A path traversal vulnerability exists in firmware.Information is tampered with and service operation is interrupted (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33897"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019854"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33897",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2022-1579",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019854",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1026",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019854"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1026"
},
{
"db": "NVD",
"id": "CVE-2022-33897"
}
]
},
"id": "VAR-202210-1018",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T14:55:10.421000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Robustel R1510 Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212078"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1026"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019854"
},
{
"db": "NVD",
"id": "CVE-2022-33897"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1579"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33897"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-33897/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019854"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1026"
},
{
"db": "NVD",
"id": "CVE-2022-33897"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019854"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1026"
},
{
"db": "NVD",
"id": "CVE-2022-33897"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019854"
},
{
"date": "2022-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1026"
},
{
"date": "2022-10-25T17:15:53.427000",
"db": "NVD",
"id": "CVE-2022-33897"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019854"
},
{
"date": "2022-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1026"
},
{
"date": "2022-10-26T03:24:09.417000",
"db": "NVD",
"id": "CVE-2022-33897"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1026"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 Path traversal vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019854"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1026"
}
],
"trust": 0.6
}
}
VAR-202210-1016
Vulnerability from variot - Updated: 2024-08-14 13:42A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. robustel of r1510 Firmware contains insufficient validation of data authenticity.Information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1016",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.1.16"
},
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.1.16"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019846"
},
{
"db": "NVD",
"id": "CVE-2022-34845"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1029"
}
],
"trust": 0.6
},
"cve": "CVE-2022-34845",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"id": "CVE-2022-34845",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2022-34845",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.7,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-34845",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-34845",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-34845",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2022-34845",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1029",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019846"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1029"
},
{
"db": "NVD",
"id": "CVE-2022-34845"
},
{
"db": "NVD",
"id": "CVE-2022-34845"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. robustel of r1510 Firmware contains insufficient validation of data authenticity.Information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34845"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019846"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34845",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2022-1580",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019846",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1029",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019846"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1029"
},
{
"db": "NVD",
"id": "CVE-2022-34845"
}
]
},
"id": "VAR-202210-1016",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:42:19.488000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Robustel R1510 Repair measures for data forgery problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212080"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1029"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-345",
"trust": 1.0
},
{
"problemtype": "Inadequate verification of data reliability (CWE-345) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019846"
},
{
"db": "NVD",
"id": "CVE-2022-34845"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1580"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34845"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34845/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019846"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1029"
},
{
"db": "NVD",
"id": "CVE-2022-34845"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019846"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1029"
},
{
"db": "NVD",
"id": "CVE-2022-34845"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019846"
},
{
"date": "2022-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1029"
},
{
"date": "2022-10-25T17:15:53.563000",
"db": "NVD",
"id": "CVE-2022-34845"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019846"
},
{
"date": "2022-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1029"
},
{
"date": "2022-10-26T03:24:41.727000",
"db": "NVD",
"id": "CVE-2022-34845"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1029"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 Insufficient validation of data authenticity in firmware vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019846"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1029"
}
],
"trust": 0.6
}
}
VAR-202210-1142
Vulnerability from variot - Updated: 2024-08-14 13:42An OS command injection vulnerability exists in the web_server /action/import_authorized_keys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1142",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.1.16"
},
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.1.16"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019845"
},
{
"db": "NVD",
"id": "CVE-2022-34850"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1027"
}
],
"trust": 0.6
},
"cve": "CVE-2022-34850",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2022-34850",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2022-34850",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-34850",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-34850",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-34850",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-34850",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1027",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019845"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1027"
},
{
"db": "NVD",
"id": "CVE-2022-34850"
},
{
"db": "NVD",
"id": "CVE-2022-34850"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An OS command injection vulnerability exists in the web_server /action/import_authorized_keys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34850"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019845"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34850",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2022-1578",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019845",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1027",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019845"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1027"
},
{
"db": "NVD",
"id": "CVE-2022-34850"
}
]
},
"id": "VAR-202210-1142",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:42:19.391000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Robustel R1510 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212079"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1027"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019845"
},
{
"db": "NVD",
"id": "CVE-2022-34850"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1578"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34850"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34850/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019845"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1027"
},
{
"db": "NVD",
"id": "CVE-2022-34850"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019845"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1027"
},
{
"db": "NVD",
"id": "CVE-2022-34850"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019845"
},
{
"date": "2022-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1027"
},
{
"date": "2022-10-25T17:15:53.623000",
"db": "NVD",
"id": "CVE-2022-34850"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019845"
},
{
"date": "2022-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1027"
},
{
"date": "2022-10-26T03:24:54.297000",
"db": "NVD",
"id": "CVE-2022-34850"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1027"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019845"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1027"
}
],
"trust": 0.6
}
}
VAR-202206-2267
Vulnerability from variot - Updated: 2024-08-14 13:22Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The /action/import_https_cert_file/ API is affected by command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2267",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.6,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51429"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012747"
},
{
"db": "NVD",
"id": "CVE-2022-33313"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2897"
}
],
"trust": 0.6
},
"cve": "CVE-2022-33313",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-33313",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-51429",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33313",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2022-33313",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-33313",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33313",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-33313",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-33313",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-51429",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2897",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-33313",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51429"
},
{
"db": "VULMON",
"id": "CVE-2022-33313"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012747"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2897"
},
{
"db": "NVD",
"id": "CVE-2022-33313"
},
{
"db": "NVD",
"id": "CVE-2022-33313"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_https_cert_file/` API is affected by command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33313"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012747"
},
{
"db": "CNVD",
"id": "CNVD-2022-51429"
},
{
"db": "VULMON",
"id": "CVE-2022-33313"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33313",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1572",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012747",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-51429",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071513",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2897",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-33313",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51429"
},
{
"db": "VULMON",
"id": "CVE-2022-33313"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012747"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2897"
},
{
"db": "NVD",
"id": "CVE-2022-33313"
}
]
},
"id": "VAR-202206-2267",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51429"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51429"
}
]
},
"last_update_date": "2024-08-14T13:22:04.941000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Robustel R1510 Operating System Command Injection Vulnerability (CNVD-2022-51429)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/339286"
},
{
"title": "Robustel R1510 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198385"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51429"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2897"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012747"
},
{
"db": "NVD",
"id": "CVE-2022-33313"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1572"
},
{
"trust": 1.2,
"url": "https://cxsecurity.com/cveshow/cve-2022-33313/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33313"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071513"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51429"
},
{
"db": "VULMON",
"id": "CVE-2022-33313"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012747"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2897"
},
{
"db": "NVD",
"id": "CVE-2022-33313"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-51429"
},
{
"db": "VULMON",
"id": "CVE-2022-33313"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012747"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2897"
},
{
"db": "NVD",
"id": "CVE-2022-33313"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51429"
},
{
"date": "2022-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33313"
},
{
"date": "2023-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012747"
},
{
"date": "2022-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2897"
},
{
"date": "2022-06-30T19:15:08.447000",
"db": "NVD",
"id": "CVE-2022-33313"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51429"
},
{
"date": "2022-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33313"
},
{
"date": "2023-09-01T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-012747"
},
{
"date": "2022-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2897"
},
{
"date": "2022-07-12T19:55:08.477000",
"db": "NVD",
"id": "CVE-2022-33313"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2897"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012747"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2897"
}
],
"trust": 0.6
}
}
VAR-202206-2271
Vulnerability from variot - Updated: 2024-08-14 13:22Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The /ajax/remove_sniffer_raw_log/ API is affected by a command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2271",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.6,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51421"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012743"
},
{
"db": "NVD",
"id": "CVE-2022-33327"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2893"
}
],
"trust": 0.6
},
"cve": "CVE-2022-33327",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-33327",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-51421",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33327",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2022-33327",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-33327",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33327",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-33327",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-33327",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-51421",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2893",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-33327",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51421"
},
{
"db": "VULMON",
"id": "CVE-2022-33327"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012743"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2893"
},
{
"db": "NVD",
"id": "CVE-2022-33327"
},
{
"db": "NVD",
"id": "CVE-2022-33327"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/remove_sniffer_raw_log/` API is affected by a command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33327"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012743"
},
{
"db": "CNVD",
"id": "CNVD-2022-51421"
},
{
"db": "VULMON",
"id": "CVE-2022-33327"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33327",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1573",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012743",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-51421",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071513",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2893",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-33327",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51421"
},
{
"db": "VULMON",
"id": "CVE-2022-33327"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012743"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2893"
},
{
"db": "NVD",
"id": "CVE-2022-33327"
}
]
},
"id": "VAR-202206-2271",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51421"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51421"
}
]
},
"last_update_date": "2024-08-14T13:22:04.910000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Robustel R1510 Operating System Command Injection Vulnerability (CNVD-2022-51421)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/339346"
},
{
"title": "Robustel R1510 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198381"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51421"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2893"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012743"
},
{
"db": "NVD",
"id": "CVE-2022-33327"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1573"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33327"
},
{
"trust": 0.6,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2022-33327"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-33327/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071513"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51421"
},
{
"db": "VULMON",
"id": "CVE-2022-33327"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012743"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2893"
},
{
"db": "NVD",
"id": "CVE-2022-33327"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-51421"
},
{
"db": "VULMON",
"id": "CVE-2022-33327"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012743"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2893"
},
{
"db": "NVD",
"id": "CVE-2022-33327"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51421"
},
{
"date": "2022-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33327"
},
{
"date": "2023-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012743"
},
{
"date": "2022-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2893"
},
{
"date": "2022-06-30T19:15:08.650000",
"db": "NVD",
"id": "CVE-2022-33327"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51421"
},
{
"date": "2022-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33327"
},
{
"date": "2023-09-01T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-012743"
},
{
"date": "2022-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2893"
},
{
"date": "2022-07-12T20:03:25.853000",
"db": "NVD",
"id": "CVE-2022-33327"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2893"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012743"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2893"
}
],
"trust": 0.6
}
}
VAR-202206-2265
Vulnerability from variot - Updated: 2024-08-14 13:22Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The /action/import_cert_file/ API is affected by command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2265",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.6,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51428"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012748"
},
{
"db": "NVD",
"id": "CVE-2022-33312"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2898"
}
],
"trust": 0.6
},
"cve": "CVE-2022-33312",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-33312",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-51428",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33312",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2022-33312",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-33312",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33312",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-33312",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-33312",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-51428",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2898",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-33312",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51428"
},
{
"db": "VULMON",
"id": "CVE-2022-33312"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012748"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2898"
},
{
"db": "NVD",
"id": "CVE-2022-33312"
},
{
"db": "NVD",
"id": "CVE-2022-33312"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_cert_file/` API is affected by command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33312"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012748"
},
{
"db": "CNVD",
"id": "CNVD-2022-51428"
},
{
"db": "VULMON",
"id": "CVE-2022-33312"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33312",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1572",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012748",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-51428",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071513",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2898",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-33312",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51428"
},
{
"db": "VULMON",
"id": "CVE-2022-33312"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012748"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2898"
},
{
"db": "NVD",
"id": "CVE-2022-33312"
}
]
},
"id": "VAR-202206-2265",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51428"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51428"
}
]
},
"last_update_date": "2024-08-14T13:22:04.880000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Robustel R1510 Operating System Command Injection Vulnerability (CNVD-2022-51428)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/339296"
},
{
"title": "Robustel R1510 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198386"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51428"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2898"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012748"
},
{
"db": "NVD",
"id": "CVE-2022-33312"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1572"
},
{
"trust": 1.2,
"url": "https://cxsecurity.com/cveshow/cve-2022-33312/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33312"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071513"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51428"
},
{
"db": "VULMON",
"id": "CVE-2022-33312"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012748"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2898"
},
{
"db": "NVD",
"id": "CVE-2022-33312"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-51428"
},
{
"db": "VULMON",
"id": "CVE-2022-33312"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012748"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2898"
},
{
"db": "NVD",
"id": "CVE-2022-33312"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51428"
},
{
"date": "2022-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33312"
},
{
"date": "2023-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012748"
},
{
"date": "2022-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2898"
},
{
"date": "2022-06-30T19:15:08.397000",
"db": "NVD",
"id": "CVE-2022-33312"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51428"
},
{
"date": "2022-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33312"
},
{
"date": "2023-09-01T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-012748"
},
{
"date": "2022-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2898"
},
{
"date": "2022-07-12T19:53:27.693000",
"db": "NVD",
"id": "CVE-2022-33312"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2898"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012748"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2898"
}
],
"trust": 0.6
}
}
VAR-202206-2272
Vulnerability from variot - Updated: 2024-08-14 13:22Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The /ajax/config_rollback/ API is affected by a command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2272",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.6,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51422"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012744"
},
{
"db": "NVD",
"id": "CVE-2022-33326"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2894"
}
],
"trust": 0.6
},
"cve": "CVE-2022-33326",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-33326",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-51422",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33326",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2022-33326",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-33326",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33326",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-33326",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-33326",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-51422",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2894",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-33326",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51422"
},
{
"db": "VULMON",
"id": "CVE-2022-33326"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012744"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2894"
},
{
"db": "NVD",
"id": "CVE-2022-33326"
},
{
"db": "NVD",
"id": "CVE-2022-33326"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/config_rollback/` API is affected by a command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33326"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012744"
},
{
"db": "CNVD",
"id": "CNVD-2022-51422"
},
{
"db": "VULMON",
"id": "CVE-2022-33326"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33326",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1573",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012744",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-51422",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071513",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2894",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-33326",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51422"
},
{
"db": "VULMON",
"id": "CVE-2022-33326"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012744"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2894"
},
{
"db": "NVD",
"id": "CVE-2022-33326"
}
]
},
"id": "VAR-202206-2272",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51422"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51422"
}
]
},
"last_update_date": "2024-08-14T13:22:04.851000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Robustel R1510 Operating System Command Injection Vulnerability (CNVD-2022-51422)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/339336"
},
{
"title": "Robustel R1510 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198382"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51422"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2894"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012744"
},
{
"db": "NVD",
"id": "CVE-2022-33326"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1573"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33326"
},
{
"trust": 0.6,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2022-33326"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-33326/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071513"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51422"
},
{
"db": "VULMON",
"id": "CVE-2022-33326"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012744"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2894"
},
{
"db": "NVD",
"id": "CVE-2022-33326"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-51422"
},
{
"db": "VULMON",
"id": "CVE-2022-33326"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012744"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2894"
},
{
"db": "NVD",
"id": "CVE-2022-33326"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51422"
},
{
"date": "2022-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33326"
},
{
"date": "2023-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012744"
},
{
"date": "2022-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2894"
},
{
"date": "2022-06-30T19:15:08.597000",
"db": "NVD",
"id": "CVE-2022-33326"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51422"
},
{
"date": "2022-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33326"
},
{
"date": "2023-09-01T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-012744"
},
{
"date": "2022-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2894"
},
{
"date": "2022-07-12T20:02:29.537000",
"db": "NVD",
"id": "CVE-2022-33326"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2894"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012744"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2894"
}
],
"trust": 0.6
}
}
VAR-202206-2274
Vulnerability from variot - Updated: 2024-08-14 13:22Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The /ajax/remove/ API is affected by a command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2274",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.6,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51424"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012742"
},
{
"db": "NVD",
"id": "CVE-2022-33328"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2892"
}
],
"trust": 0.6
},
"cve": "CVE-2022-33328",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-33328",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-51424",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33328",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2022-33328",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-33328",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33328",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-33328",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-33328",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-51424",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2892",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-33328",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51424"
},
{
"db": "VULMON",
"id": "CVE-2022-33328"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012742"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2892"
},
{
"db": "NVD",
"id": "CVE-2022-33328"
},
{
"db": "NVD",
"id": "CVE-2022-33328"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/remove/` API is affected by a command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33328"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012742"
},
{
"db": "CNVD",
"id": "CNVD-2022-51424"
},
{
"db": "VULMON",
"id": "CVE-2022-33328"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33328",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1573",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012742",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-51424",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071513",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2892",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-33328",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51424"
},
{
"db": "VULMON",
"id": "CVE-2022-33328"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012742"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2892"
},
{
"db": "NVD",
"id": "CVE-2022-33328"
}
]
},
"id": "VAR-202206-2274",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51424"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51424"
}
]
},
"last_update_date": "2024-08-14T13:22:04.821000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Robustel R1510 Operating System Command Injection Vulnerability (CNVD-2022-51424)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/339321"
},
{
"title": "Robustel R1510 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198380"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51424"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2892"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012742"
},
{
"db": "NVD",
"id": "CVE-2022-33328"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1573"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33328"
},
{
"trust": 0.6,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2022-33328"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-33328/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071513"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51424"
},
{
"db": "VULMON",
"id": "CVE-2022-33328"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012742"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2892"
},
{
"db": "NVD",
"id": "CVE-2022-33328"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-51424"
},
{
"db": "VULMON",
"id": "CVE-2022-33328"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012742"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2892"
},
{
"db": "NVD",
"id": "CVE-2022-33328"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51424"
},
{
"date": "2022-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33328"
},
{
"date": "2023-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012742"
},
{
"date": "2022-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2892"
},
{
"date": "2022-06-30T19:15:08.700000",
"db": "NVD",
"id": "CVE-2022-33328"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51424"
},
{
"date": "2022-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33328"
},
{
"date": "2023-09-01T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-012742"
},
{
"date": "2022-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2892"
},
{
"date": "2022-07-12T20:04:12.610000",
"db": "NVD",
"id": "CVE-2022-33328"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2892"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012742"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2892"
}
],
"trust": 0.6
}
}
VAR-202206-2270
Vulnerability from variot - Updated: 2024-08-14 13:22Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The /ajax/set_sys_time/ API is affected by a command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2270",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.6,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51425"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012741"
},
{
"db": "NVD",
"id": "CVE-2022-33329"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2891"
}
],
"trust": 0.6
},
"cve": "CVE-2022-33329",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-33329",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-51425",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33329",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2022-33329",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-33329",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33329",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-33329",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-33329",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-51425",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2891",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-33329",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51425"
},
{
"db": "VULMON",
"id": "CVE-2022-33329"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012741"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2891"
},
{
"db": "NVD",
"id": "CVE-2022-33329"
},
{
"db": "NVD",
"id": "CVE-2022-33329"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/set_sys_time/` API is affected by a command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33329"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012741"
},
{
"db": "CNVD",
"id": "CNVD-2022-51425"
},
{
"db": "VULMON",
"id": "CVE-2022-33329"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33329",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1573",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012741",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-51425",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071513",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2891",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-33329",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51425"
},
{
"db": "VULMON",
"id": "CVE-2022-33329"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012741"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2891"
},
{
"db": "NVD",
"id": "CVE-2022-33329"
}
]
},
"id": "VAR-202206-2270",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51425"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51425"
}
]
},
"last_update_date": "2024-08-14T13:22:04.790000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Robustel R1510 Operating System Command Injection Vulnerability (CNVD-2022-51425)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/339316"
},
{
"title": "Robustel R1510 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198379"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51425"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2891"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012741"
},
{
"db": "NVD",
"id": "CVE-2022-33329"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1573"
},
{
"trust": 1.2,
"url": "https://cxsecurity.com/cveshow/cve-2022-33329/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33329"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071513"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51425"
},
{
"db": "VULMON",
"id": "CVE-2022-33329"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012741"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2891"
},
{
"db": "NVD",
"id": "CVE-2022-33329"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-51425"
},
{
"db": "VULMON",
"id": "CVE-2022-33329"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012741"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2891"
},
{
"db": "NVD",
"id": "CVE-2022-33329"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51425"
},
{
"date": "2022-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33329"
},
{
"date": "2023-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012741"
},
{
"date": "2022-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2891"
},
{
"date": "2022-06-30T19:15:08.750000",
"db": "NVD",
"id": "CVE-2022-33329"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51425"
},
{
"date": "2022-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33329"
},
{
"date": "2023-09-01T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-012741"
},
{
"date": "2022-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2891"
},
{
"date": "2022-07-12T19:50:24.610000",
"db": "NVD",
"id": "CVE-2022-33329"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2891"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012741"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2891"
}
],
"trust": 0.6
}
}
VAR-202206-2266
Vulnerability from variot - Updated: 2024-08-14 13:22Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The /action/import_sdk_file/ API is affected by command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2266",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.6,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51430"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012746"
},
{
"db": "NVD",
"id": "CVE-2022-33314"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2896"
}
],
"trust": 0.6
},
"cve": "CVE-2022-33314",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-33314",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-51430",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33314",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2022-33314",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-33314",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33314",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-33314",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-33314",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-51430",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2896",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-33314",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51430"
},
{
"db": "VULMON",
"id": "CVE-2022-33314"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012746"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2896"
},
{
"db": "NVD",
"id": "CVE-2022-33314"
},
{
"db": "NVD",
"id": "CVE-2022-33314"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_sdk_file/` API is affected by command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33314"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012746"
},
{
"db": "CNVD",
"id": "CNVD-2022-51430"
},
{
"db": "VULMON",
"id": "CVE-2022-33314"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33314",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1572",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012746",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-51430",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071513",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2896",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-33314",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51430"
},
{
"db": "VULMON",
"id": "CVE-2022-33314"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012746"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2896"
},
{
"db": "NVD",
"id": "CVE-2022-33314"
}
]
},
"id": "VAR-202206-2266",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51430"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51430"
}
]
},
"last_update_date": "2024-08-14T13:22:04.760000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Robustel R1510 OS Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/339281"
},
{
"title": "Robustel R1510 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198384"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51430"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2896"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012746"
},
{
"db": "NVD",
"id": "CVE-2022-33314"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1572"
},
{
"trust": 1.2,
"url": "https://cxsecurity.com/cveshow/cve-2022-33314/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33314"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071513"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51430"
},
{
"db": "VULMON",
"id": "CVE-2022-33314"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012746"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2896"
},
{
"db": "NVD",
"id": "CVE-2022-33314"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-51430"
},
{
"db": "VULMON",
"id": "CVE-2022-33314"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012746"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2896"
},
{
"db": "NVD",
"id": "CVE-2022-33314"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51430"
},
{
"date": "2022-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33314"
},
{
"date": "2023-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012746"
},
{
"date": "2022-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2896"
},
{
"date": "2022-06-30T19:15:08.497000",
"db": "NVD",
"id": "CVE-2022-33314"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51430"
},
{
"date": "2022-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33314"
},
{
"date": "2023-09-01T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-012746"
},
{
"date": "2022-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2896"
},
{
"date": "2022-07-12T19:58:14.317000",
"db": "NVD",
"id": "CVE-2022-33314"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2896"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012746"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2896"
}
],
"trust": 0.6
}
}
VAR-202206-2283
Vulnerability from variot - Updated: 2024-08-14 13:22A data removal vulnerability exists in the web_server /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. robustel of r1510 A path traversal vulnerability exists in firmware.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2283",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.6,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51426"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012806"
},
{
"db": "NVD",
"id": "CVE-2022-28127"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2901"
}
],
"trust": 0.6
},
"cve": "CVE-2022-28127",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-28127",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-51426",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-28127",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.3,
"id": "CVE-2022-28127",
"impactScore": 5.8,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-28127",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-28127",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-28127",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-28127",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-51426",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2901",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-28127",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51426"
},
{
"db": "VULMON",
"id": "CVE-2022-28127"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012806"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2901"
},
{
"db": "NVD",
"id": "CVE-2022-28127"
},
{
"db": "NVD",
"id": "CVE-2022-28127"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A data removal vulnerability exists in the web_server /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. robustel of r1510 A path traversal vulnerability exists in firmware.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-28127"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012806"
},
{
"db": "CNVD",
"id": "CNVD-2022-51426"
},
{
"db": "VULMON",
"id": "CVE-2022-28127"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-28127",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1571",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012806",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-51426",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071513",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2901",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-28127",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51426"
},
{
"db": "VULMON",
"id": "CVE-2022-28127"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012806"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2901"
},
{
"db": "NVD",
"id": "CVE-2022-28127"
}
]
},
"id": "VAR-202206-2283",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51426"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51426"
}
]
},
"last_update_date": "2024-08-14T13:22:04.730000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Robustel R1510 Input Validation Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/339311"
},
{
"title": "Robustel R1510 Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=245488"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51426"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2901"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012806"
},
{
"db": "NVD",
"id": "CVE-2022-28127"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1571"
},
{
"trust": 1.2,
"url": "https://cxsecurity.com/cveshow/cve-2022-28127/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28127"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071513"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51426"
},
{
"db": "VULMON",
"id": "CVE-2022-28127"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012806"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2901"
},
{
"db": "NVD",
"id": "CVE-2022-28127"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-51426"
},
{
"db": "VULMON",
"id": "CVE-2022-28127"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012806"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2901"
},
{
"db": "NVD",
"id": "CVE-2022-28127"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51426"
},
{
"date": "2022-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-28127"
},
{
"date": "2023-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012806"
},
{
"date": "2022-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2901"
},
{
"date": "2022-06-30T19:15:08.223000",
"db": "NVD",
"id": "CVE-2022-28127"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51426"
},
{
"date": "2022-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-28127"
},
{
"date": "2023-09-01T08:16:00",
"db": "JVNDB",
"id": "JVNDB-2022-012806"
},
{
"date": "2023-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2901"
},
{
"date": "2023-07-11T20:21:44.840000",
"db": "NVD",
"id": "CVE-2022-28127"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2901"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 Path traversal vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012806"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2901"
}
],
"trust": 0.6
}
}
VAR-202206-2306
Vulnerability from variot - Updated: 2024-08-14 13:22A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. robustel of r1510 There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2306",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.6,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51427"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012755"
},
{
"db": "NVD",
"id": "CVE-2022-32585"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2900"
}
],
"trust": 0.6
},
"cve": "CVE-2022-32585",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-32585",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-51427",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-32585",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2022-32585",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-32585",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-32585",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-32585",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-32585",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-51427",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2900",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-32585",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51427"
},
{
"db": "VULMON",
"id": "CVE-2022-32585"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012755"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2900"
},
{
"db": "NVD",
"id": "CVE-2022-32585"
},
{
"db": "NVD",
"id": "CVE-2022-32585"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. robustel of r1510 There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32585"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012755"
},
{
"db": "CNVD",
"id": "CNVD-2022-51427"
},
{
"db": "VULMON",
"id": "CVE-2022-32585"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32585",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1570",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012755",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-51427",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071513",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2900",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-32585",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51427"
},
{
"db": "VULMON",
"id": "CVE-2022-32585"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012755"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2900"
},
{
"db": "NVD",
"id": "CVE-2022-32585"
}
]
},
"id": "VAR-202206-2306",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51427"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51427"
}
]
},
"last_update_date": "2024-08-14T13:22:04.698000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Robustel R1510 Command Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/339301"
},
{
"title": "Robustel R1510 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198388"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51427"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2900"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-489",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012755"
},
{
"db": "NVD",
"id": "CVE-2022-32585"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1570"
},
{
"trust": 1.2,
"url": "https://cxsecurity.com/cveshow/cve-2022-32585/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32585"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071513"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51427"
},
{
"db": "VULMON",
"id": "CVE-2022-32585"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012755"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2900"
},
{
"db": "NVD",
"id": "CVE-2022-32585"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-51427"
},
{
"db": "VULMON",
"id": "CVE-2022-32585"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012755"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2900"
},
{
"db": "NVD",
"id": "CVE-2022-32585"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51427"
},
{
"date": "2022-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-32585"
},
{
"date": "2023-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012755"
},
{
"date": "2022-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2900"
},
{
"date": "2022-06-30T19:15:08.340000",
"db": "NVD",
"id": "CVE-2022-32585"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51427"
},
{
"date": "2022-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-32585"
},
{
"date": "2023-09-01T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-012755"
},
{
"date": "2022-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2900"
},
{
"date": "2022-07-12T19:44:25.667000",
"db": "NVD",
"id": "CVE-2022-32585"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2900"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 Firmware vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012755"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2900"
}
],
"trust": 0.6
}
}
VAR-202206-2273
Vulnerability from variot - Updated: 2024-08-14 13:22Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The /ajax/clear_tools_log/ API is affected by command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2273",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.6,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51423"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012745"
},
{
"db": "NVD",
"id": "CVE-2022-33325"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2895"
}
],
"trust": 0.6
},
"cve": "CVE-2022-33325",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-33325",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-51423",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33325",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2022-33325",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-33325",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33325",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-33325",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-33325",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-51423",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2895",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-33325",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51423"
},
{
"db": "VULMON",
"id": "CVE-2022-33325"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012745"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2895"
},
{
"db": "NVD",
"id": "CVE-2022-33325"
},
{
"db": "NVD",
"id": "CVE-2022-33325"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/clear_tools_log/` API is affected by command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33325"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012745"
},
{
"db": "CNVD",
"id": "CNVD-2022-51423"
},
{
"db": "VULMON",
"id": "CVE-2022-33325"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33325",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1573",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012745",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-51423",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071513",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2895",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-33325",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51423"
},
{
"db": "VULMON",
"id": "CVE-2022-33325"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012745"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2895"
},
{
"db": "NVD",
"id": "CVE-2022-33325"
}
]
},
"id": "VAR-202206-2273",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51423"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51423"
}
]
},
"last_update_date": "2024-08-14T13:22:04.668000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Robustel R1510 Operating System Command Injection Vulnerability (CNVD-2022-51423)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/339331"
},
{
"title": "Robustel R1510 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198383"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51423"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2895"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012745"
},
{
"db": "NVD",
"id": "CVE-2022-33325"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1573"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33325"
},
{
"trust": 0.6,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2022-33325"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-33325/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071513"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51423"
},
{
"db": "VULMON",
"id": "CVE-2022-33325"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012745"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2895"
},
{
"db": "NVD",
"id": "CVE-2022-33325"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-51423"
},
{
"db": "VULMON",
"id": "CVE-2022-33325"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012745"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2895"
},
{
"db": "NVD",
"id": "CVE-2022-33325"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51423"
},
{
"date": "2022-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33325"
},
{
"date": "2023-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012745"
},
{
"date": "2022-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2895"
},
{
"date": "2022-06-30T19:15:08.547000",
"db": "NVD",
"id": "CVE-2022-33325"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51423"
},
{
"date": "2022-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33325"
},
{
"date": "2023-09-01T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-012745"
},
{
"date": "2022-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2895"
},
{
"date": "2022-07-12T20:01:30.937000",
"db": "NVD",
"id": "CVE-2022-33325"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2895"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012745"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2895"
}
],
"trust": 0.6
}
}
VAR-202210-0938
Vulnerability from variot - Updated: 2024-08-14 13:21A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the /action/import_nodejs_app/ API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0938",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.1.16"
},
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.1.16"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019837"
},
{
"db": "NVD",
"id": "CVE-2022-35265"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1018"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35265",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2022-35265",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35265",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-35265",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35265",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35265",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35265",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1018",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019837"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1018"
},
{
"db": "NVD",
"id": "CVE-2022-35265"
},
{
"db": "NVD",
"id": "CVE-2022-35265"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_nodejs_app/` API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35265"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019837"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35265",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2022-1575",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019837",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1018",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019837"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1018"
},
{
"db": "NVD",
"id": "CVE-2022-35265"
}
]
},
"id": "VAR-202210-0938",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:21:36.076000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Robustel R1510 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=218681"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1018"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019837"
},
{
"db": "NVD",
"id": "CVE-2022-35265"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1575"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35265"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35265/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019837"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1018"
},
{
"db": "NVD",
"id": "CVE-2022-35265"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019837"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1018"
},
{
"db": "NVD",
"id": "CVE-2022-35265"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019837"
},
{
"date": "2022-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1018"
},
{
"date": "2022-10-25T17:15:54.063000",
"db": "NVD",
"id": "CVE-2022-35265"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019837"
},
{
"date": "2022-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1018"
},
{
"date": "2023-03-08T01:09:41.007000",
"db": "NVD",
"id": "CVE-2022-35265"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1018"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 Out-of-bounds read vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019837"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1018"
}
],
"trust": 0.6
}
}
VAR-202210-0947
Vulnerability from variot - Updated: 2024-08-14 13:21A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the /action/import_aaa_cert_file/ API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0947",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.1.16"
},
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.1.16"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019838"
},
{
"db": "NVD",
"id": "CVE-2022-35264"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1011"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35264",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2022-35264",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35264",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-35264",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35264",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35264",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35264",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1011",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019838"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1011"
},
{
"db": "NVD",
"id": "CVE-2022-35264"
},
{
"db": "NVD",
"id": "CVE-2022-35264"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_aaa_cert_file/` API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35264"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019838"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35264",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2022-1575",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019838",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1011",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019838"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1011"
},
{
"db": "NVD",
"id": "CVE-2022-35264"
}
]
},
"id": "VAR-202210-0947",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:21:36.054000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Robustel R1510 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=218675"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1011"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019838"
},
{
"db": "NVD",
"id": "CVE-2022-35264"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1575"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35264"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35264/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019838"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1011"
},
{
"db": "NVD",
"id": "CVE-2022-35264"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019838"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1011"
},
{
"db": "NVD",
"id": "CVE-2022-35264"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019838"
},
{
"date": "2022-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1011"
},
{
"date": "2022-10-25T17:15:54.007000",
"db": "NVD",
"id": "CVE-2022-35264"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019838"
},
{
"date": "2022-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1011"
},
{
"date": "2023-04-26T19:16:09.657000",
"db": "NVD",
"id": "CVE-2022-35264"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1011"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 Out-of-bounds read vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019838"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1011"
}
],
"trust": 0.6
}
}
VAR-202210-0942
Vulnerability from variot - Updated: 2024-08-14 13:21A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the /action/import_cert_file/ API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0942",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.1.16"
},
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.1.16"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019831"
},
{
"db": "NVD",
"id": "CVE-2022-35271"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1012"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35271",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2022-35271",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35271",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-35271",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35271",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35271",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35271",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1012",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019831"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1012"
},
{
"db": "NVD",
"id": "CVE-2022-35271"
},
{
"db": "NVD",
"id": "CVE-2022-35271"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_cert_file/` API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35271"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019831"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35271",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2022-1575",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019831",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1012",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019831"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1012"
},
{
"db": "NVD",
"id": "CVE-2022-35271"
}
]
},
"id": "VAR-202210-0942",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:21:36.033000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Robustel R1510 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=218676"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1012"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019831"
},
{
"db": "NVD",
"id": "CVE-2022-35271"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1575"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35271"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35271/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019831"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1012"
},
{
"db": "NVD",
"id": "CVE-2022-35271"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019831"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1012"
},
{
"db": "NVD",
"id": "CVE-2022-35271"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019831"
},
{
"date": "2022-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1012"
},
{
"date": "2022-10-25T17:15:54.407000",
"db": "NVD",
"id": "CVE-2022-35271"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019831"
},
{
"date": "2022-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1012"
},
{
"date": "2023-02-23T23:49:35.503000",
"db": "NVD",
"id": "CVE-2022-35271"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1012"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 Out-of-bounds read vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019831"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1012"
}
],
"trust": 0.6
}
}
VAR-202210-0940
Vulnerability from variot - Updated: 2024-08-14 13:21A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the /action/import_https_cert_file/ API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0940",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.1.16"
},
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.1.16"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019835"
},
{
"db": "NVD",
"id": "CVE-2022-35267"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1023"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35267",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2022-35267",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35267",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-35267",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35267",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35267",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35267",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1023",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019835"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1023"
},
{
"db": "NVD",
"id": "CVE-2022-35267"
},
{
"db": "NVD",
"id": "CVE-2022-35267"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_https_cert_file/` API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35267"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019835"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35267",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2022-1575",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019835",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1023",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019835"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1023"
},
{
"db": "NVD",
"id": "CVE-2022-35267"
}
]
},
"id": "VAR-202210-0940",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:21:36.010000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Robustel R1510 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=218683"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1023"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019835"
},
{
"db": "NVD",
"id": "CVE-2022-35267"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1575"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35267"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35267/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019835"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1023"
},
{
"db": "NVD",
"id": "CVE-2022-35267"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019835"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1023"
},
{
"db": "NVD",
"id": "CVE-2022-35267"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019835"
},
{
"date": "2022-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1023"
},
{
"date": "2022-10-25T17:15:54.177000",
"db": "NVD",
"id": "CVE-2022-35267"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019835"
},
{
"date": "2022-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1023"
},
{
"date": "2023-03-01T01:52:39.317000",
"db": "NVD",
"id": "CVE-2022-35267"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1023"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 Out-of-bounds read vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019835"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1023"
}
],
"trust": 0.6
}
}
VAR-202210-0937
Vulnerability from variot - Updated: 2024-08-14 13:21A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the /action/import_firmware/ API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0937",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.1.16"
},
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.1.16"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019836"
},
{
"db": "NVD",
"id": "CVE-2022-35266"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1013"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35266",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2022-35266",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35266",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-35266",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35266",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35266",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35266",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1013",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019836"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1013"
},
{
"db": "NVD",
"id": "CVE-2022-35266"
},
{
"db": "NVD",
"id": "CVE-2022-35266"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_firmware/` API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35266"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019836"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35266",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2022-1575",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019836",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1013",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019836"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1013"
},
{
"db": "NVD",
"id": "CVE-2022-35266"
}
]
},
"id": "VAR-202210-0937",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:21:35.989000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Robustel R1510 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=218677"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1013"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019836"
},
{
"db": "NVD",
"id": "CVE-2022-35266"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1575"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35266"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35266/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019836"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1013"
},
{
"db": "NVD",
"id": "CVE-2022-35266"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019836"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1013"
},
{
"db": "NVD",
"id": "CVE-2022-35266"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019836"
},
{
"date": "2022-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1013"
},
{
"date": "2022-10-25T17:15:54.120000",
"db": "NVD",
"id": "CVE-2022-35266"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019836"
},
{
"date": "2022-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1013"
},
{
"date": "2023-05-16T22:36:44.887000",
"db": "NVD",
"id": "CVE-2022-35266"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1013"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 Out-of-bounds read vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019836"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1013"
}
],
"trust": 0.6
}
}
VAR-202210-0939
Vulnerability from variot - Updated: 2024-08-14 13:21A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the /action/import_file/ API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0939",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.1.16"
},
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.1.16"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019839"
},
{
"db": "NVD",
"id": "CVE-2022-35263"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1024"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35263",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2022-35263",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35263",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-35263",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35263",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35263",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35263",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1024",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019839"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1024"
},
{
"db": "NVD",
"id": "CVE-2022-35263"
},
{
"db": "NVD",
"id": "CVE-2022-35263"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_file/` API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35263"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019839"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35263",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2022-1575",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019839",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1024",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019839"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1024"
},
{
"db": "NVD",
"id": "CVE-2022-35263"
}
]
},
"id": "VAR-202210-0939",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:21:35.967000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Robustel R1510 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=218684"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1024"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019839"
},
{
"db": "NVD",
"id": "CVE-2022-35263"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1575"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35263"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35263/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019839"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1024"
},
{
"db": "NVD",
"id": "CVE-2022-35263"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019839"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1024"
},
{
"db": "NVD",
"id": "CVE-2022-35263"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019839"
},
{
"date": "2022-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1024"
},
{
"date": "2022-10-25T17:15:53.947000",
"db": "NVD",
"id": "CVE-2022-35263"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019839"
},
{
"date": "2022-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1024"
},
{
"date": "2023-04-26T19:16:39.727000",
"db": "NVD",
"id": "CVE-2022-35263"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1024"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 Out-of-bounds read vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019839"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1024"
}
],
"trust": 0.6
}
}
VAR-202210-0943
Vulnerability from variot - Updated: 2024-08-14 13:21A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the /action/import_wireguard_cert_file/ API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0943",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.1.16"
},
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.1.16"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019832"
},
{
"db": "NVD",
"id": "CVE-2022-35270"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1017"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35270",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2022-35270",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35270",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-35270",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35270",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35270",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35270",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1017",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019832"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1017"
},
{
"db": "NVD",
"id": "CVE-2022-35270"
},
{
"db": "NVD",
"id": "CVE-2022-35270"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_wireguard_cert_file/` API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35270"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019832"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35270",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2022-1575",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019832",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1017",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019832"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1017"
},
{
"db": "NVD",
"id": "CVE-2022-35270"
}
]
},
"id": "VAR-202210-0943",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:21:35.946000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Robustel R1510 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=218680"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1017"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019832"
},
{
"db": "NVD",
"id": "CVE-2022-35270"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1575"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35270"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35270/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019832"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1017"
},
{
"db": "NVD",
"id": "CVE-2022-35270"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019832"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1017"
},
{
"db": "NVD",
"id": "CVE-2022-35270"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019832"
},
{
"date": "2022-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1017"
},
{
"date": "2022-10-25T17:15:54.347000",
"db": "NVD",
"id": "CVE-2022-35270"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019832"
},
{
"date": "2022-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1017"
},
{
"date": "2023-02-23T23:53:20.173000",
"db": "NVD",
"id": "CVE-2022-35270"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1017"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 Out-of-bounds read vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019832"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1017"
}
],
"trust": 0.6
}
}
VAR-202210-0941
Vulnerability from variot - Updated: 2024-08-14 13:21A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the /action/import_sdk_file/ API. robustel of r1510 A firmware vulnerability exists regarding the handling of exceptional conditions.Service operation interruption (DoS) It may be in a state
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0941",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.1.16"
},
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.1.16"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019834"
},
{
"db": "NVD",
"id": "CVE-2022-35268"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1021"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35268",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2022-35268",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35268",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-35268",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35268",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35268",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35268",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1021",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019834"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1021"
},
{
"db": "NVD",
"id": "CVE-2022-35268"
},
{
"db": "NVD",
"id": "CVE-2022-35268"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_sdk_file/` API. robustel of r1510 A firmware vulnerability exists regarding the handling of exceptional conditions.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35268"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019834"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35268",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2022-1575",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019834",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1021",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019834"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1021"
},
{
"db": "NVD",
"id": "CVE-2022-35268"
}
]
},
"id": "VAR-202210-0941",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:21:35.924000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Robustel R1510 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226724"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1021"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "CWE-755",
"trust": 1.0
},
{
"problemtype": "Improper handling in exceptional conditions (CWE-755) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019834"
},
{
"db": "NVD",
"id": "CVE-2022-35268"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1575"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35268"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35268/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019834"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1021"
},
{
"db": "NVD",
"id": "CVE-2022-35268"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019834"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1021"
},
{
"db": "NVD",
"id": "CVE-2022-35268"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019834"
},
{
"date": "2022-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1021"
},
{
"date": "2022-10-25T17:15:54.233000",
"db": "NVD",
"id": "CVE-2022-35268"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019834"
},
{
"date": "2023-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1021"
},
{
"date": "2023-06-29T15:31:22.193000",
"db": "NVD",
"id": "CVE-2022-35268"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1021"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 Exceptional condition handling vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019834"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1021"
}
],
"trust": 0.6
}
}
VAR-202210-0945
Vulnerability from variot - Updated: 2024-08-14 13:21A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the /action/import_xml_file/ API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0945",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.1.16"
},
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.1.16"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019840"
},
{
"db": "NVD",
"id": "CVE-2022-35262"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1025"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35262",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2022-35262",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35262",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-35262",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35262",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35262",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35262",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1025",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019840"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1025"
},
{
"db": "NVD",
"id": "CVE-2022-35262"
},
{
"db": "NVD",
"id": "CVE-2022-35262"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_xml_file/` API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35262"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019840"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35262",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2022-1575",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019840",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1025",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019840"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1025"
},
{
"db": "NVD",
"id": "CVE-2022-35262"
}
]
},
"id": "VAR-202210-0945",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:21:35.901000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Robustel R1510 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=218685"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1025"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019840"
},
{
"db": "NVD",
"id": "CVE-2022-35262"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1575"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35262"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35262/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019840"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1025"
},
{
"db": "NVD",
"id": "CVE-2022-35262"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019840"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1025"
},
{
"db": "NVD",
"id": "CVE-2022-35262"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019840"
},
{
"date": "2022-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1025"
},
{
"date": "2022-10-25T17:15:53.890000",
"db": "NVD",
"id": "CVE-2022-35262"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019840"
},
{
"date": "2022-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1025"
},
{
"date": "2023-04-26T19:17:00.687000",
"db": "NVD",
"id": "CVE-2022-35262"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1025"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 Out-of-bounds read vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019840"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1025"
}
],
"trust": 0.6
}
}
VAR-202210-0946
Vulnerability from variot - Updated: 2024-08-14 13:21A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the /action/import_e2c_json_file/ API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0946",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.1.16"
},
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.1.16"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019833"
},
{
"db": "NVD",
"id": "CVE-2022-35269"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1015"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35269",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2022-35269",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35269",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-35269",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35269",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35269",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35269",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1015",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019833"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1015"
},
{
"db": "NVD",
"id": "CVE-2022-35269"
},
{
"db": "NVD",
"id": "CVE-2022-35269"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_e2c_json_file/` API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35269"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019833"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35269",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2022-1575",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019833",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1015",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019833"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1015"
},
{
"db": "NVD",
"id": "CVE-2022-35269"
}
]
},
"id": "VAR-202210-0946",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:21:35.879000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Robustel R1510 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=218678"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1015"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019833"
},
{
"db": "NVD",
"id": "CVE-2022-35269"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1575"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35269"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35269/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019833"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1015"
},
{
"db": "NVD",
"id": "CVE-2022-35269"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019833"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1015"
},
{
"db": "NVD",
"id": "CVE-2022-35269"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019833"
},
{
"date": "2022-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1015"
},
{
"date": "2022-10-25T17:15:54.290000",
"db": "NVD",
"id": "CVE-2022-35269"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019833"
},
{
"date": "2022-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1015"
},
{
"date": "2023-02-23T23:57:06.940000",
"db": "NVD",
"id": "CVE-2022-35269"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1015"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 Out-of-bounds read vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019833"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1015"
}
],
"trust": 0.6
}
}
VAR-202210-0944
Vulnerability from variot - Updated: 2024-08-14 13:21A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the /action/import_authorized_keys/ API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0944",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.1.16"
},
{
"model": "r1510",
"scope": "eq",
"trust": 1.0,
"vendor": "robustel",
"version": "3.3.0"
},
{
"model": "r1510",
"scope": null,
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": null
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.3.0"
},
{
"model": "r1510",
"scope": "eq",
"trust": 0.8,
"vendor": "robustel",
"version": "r1510 firmware 3.1.16"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019841"
},
{
"db": "NVD",
"id": "CVE-2022-35261"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1016"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35261",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2022-35261",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35261",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-35261",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35261",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35261",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35261",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1016",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019841"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1016"
},
{
"db": "NVD",
"id": "CVE-2022-35261"
},
{
"db": "NVD",
"id": "CVE-2022-35261"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_authorized_keys/` API. robustel of r1510 An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35261"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019841"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35261",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2022-1575",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019841",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1016",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019841"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1016"
},
{
"db": "NVD",
"id": "CVE-2022-35261"
}
]
},
"id": "VAR-202210-0944",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:21:35.857000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Robustel R1510 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=218679"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1016"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019841"
},
{
"db": "NVD",
"id": "CVE-2022-35261"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1575"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35261"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35261/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019841"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1016"
},
{
"db": "NVD",
"id": "CVE-2022-35261"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019841"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1016"
},
{
"db": "NVD",
"id": "CVE-2022-35261"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019841"
},
{
"date": "2022-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1016"
},
{
"date": "2022-10-25T17:15:53.827000",
"db": "NVD",
"id": "CVE-2022-35261"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-27T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019841"
},
{
"date": "2022-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1016"
},
{
"date": "2023-04-26T19:17:33.857000",
"db": "NVD",
"id": "CVE-2022-35261"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1016"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "robustel\u00a0 of \u00a0r1510\u00a0 Out-of-bounds read vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019841"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1016"
}
],
"trust": 0.6
}
}
CVE-2022-35271 (GCVE-0-2022-35271)
Vulnerability from nvd – Published: 2022-10-25 16:34 – Updated: 2025-04-15 18:43
VLAI?
Summary
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_cert_file/` API.
Severity ?
4.9 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:43.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1575"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35271",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:16:49.354286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:43:37.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "R1510",
"vendor": "Robustel",
"versions": [
{
"status": "affected",
"version": "3.1.16"
},
{
"status": "affected",
"version": "3.3.0"
}
]
}
],
"datePublic": "2022-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_cert_file/` API."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1575"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-35271",
"datePublished": "2022-10-25T16:34:12.271Z",
"dateReserved": "2022-07-06T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:43:37.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35270 (GCVE-0-2022-35270)
Vulnerability from nvd – Published: 2022-10-25 16:34 – Updated: 2025-04-15 18:43
VLAI?
Summary
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_wireguard_cert_file/` API.
Severity ?
4.9 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:42.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1575"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35270",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:16:52.060962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:43:45.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "R1510",
"vendor": "Robustel",
"versions": [
{
"status": "affected",
"version": "3.1.16"
},
{
"status": "affected",
"version": "3.3.0"
}
]
}
],
"datePublic": "2022-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_wireguard_cert_file/` API."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1575"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-35270",
"datePublished": "2022-10-25T16:34:11.273Z",
"dateReserved": "2022-07-06T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:43:45.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35269 (GCVE-0-2022-35269)
Vulnerability from nvd – Published: 2022-10-25 16:34 – Updated: 2025-04-15 18:43
VLAI?
Summary
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_e2c_json_file/` API.
Severity ?
4.9 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:42.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1575"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35269",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:16:54.939481Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:43:53.027Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "R1510",
"vendor": "Robustel",
"versions": [
{
"status": "affected",
"version": "3.1.16"
},
{
"status": "affected",
"version": "3.3.0"
}
]
}
],
"datePublic": "2022-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_e2c_json_file/` API."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1575"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-35269",
"datePublished": "2022-10-25T16:34:10.287Z",
"dateReserved": "2022-07-06T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:43:53.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35268 (GCVE-0-2022-35268)
Vulnerability from nvd – Published: 2022-10-25 16:34 – Updated: 2025-04-15 18:44
VLAI?
Summary
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_sdk_file/` API.
Severity ?
4.9 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:43.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1575"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35268",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:16:57.820615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:44:03.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "R1510",
"vendor": "Robustel",
"versions": [
{
"status": "affected",
"version": "3.1.16"
},
{
"status": "affected",
"version": "3.3.0"
}
]
}
],
"datePublic": "2022-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_sdk_file/` API."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1575"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-35268",
"datePublished": "2022-10-25T16:34:09.277Z",
"dateReserved": "2022-07-06T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:44:03.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}