Vulnerability-Lookup

CVE-2022-33313 (GCVE-0-2022-33313)

Vulnerability from cvelistv5 – Published: 2022-06-30 19:05 – Updated: 2025-04-15 18:59

Summary

Severity ?

9.1 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

talos

References

URL

Tags

https://talosintelligence.com/vulnerability_repor…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Robustel	R1510	Affected: 3.3.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.517Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-33313",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T18:21:59.973909Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T18:59:46.613Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "R1510",
          "vendor": "Robustel",
          "versions": [
            {
              "status": "affected",
              "version": "3.3.0"
            }
          ]
        }
      ],
      "datePublic": "2022-06-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_https_cert_file/` API is affected by command injection vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-30T19:05:34.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "DATE_PUBLIC": "2022-06-30",
          "ID": "CVE-2022-33313",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "R1510",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "3.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Robustel"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_https_cert_file/` API is affected by command injection vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2022-33313",
    "datePublished": "2022-06-30T19:05:34.567Z",
    "dateReserved": "2022-06-14T00:00:00.000Z",
    "dateUpdated": "2025-04-15T18:59:46.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-33313\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2022-06-30T19:15:08.447\",\"lastModified\":\"2024-11-21T07:08:09.643\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_https_cert_file/` API is affected by command injection vulnerability.\"},{\"lang\":\"es\",\"value\":\"Se presentan m\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos en las funcionalidades de los endpoints de acci\u00f3n del servidor web de Robustel R1510 versi\u00f3n 3.3.0. Una petici\u00f3n de red especialmente dise\u00f1ada puede conllevar a una ejecuci\u00f3n de un comando arbitrario. Un atacante puede enviar una secuencia de peticiones para desencadenar estas vulnerabilidades. La API \\\"/action/import_https_cert_file/\\\" est\u00e1 afectada por una vulnerabilidad de inyecci\u00f3n de comandos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:robustel:r1510_firmware:3.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F5663AF-C644-4A6A-A446-6B2F6E865528\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:robustel:r1510:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70006835-1E28-4F2C-B84D-C1B8B3C9EB93\"}]}]}],\"references\":[{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T08:01:20.517Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-33313\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-15T18:21:59.973909Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-15T18:22:02.424Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"scope\": \"CHANGED\", \"version\": \"3.0\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Robustel\", \"product\": \"R1510\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.3.0\"}]}], \"datePublic\": \"2022-06-30T00:00:00.000Z\", \"references\": [{\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_https_cert_file/` API is affected by command injection vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b\", \"shortName\": \"talos\", \"dateUpdated\": \"2022-06-30T19:05:34.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": 9.1, \"baseSeverity\": \"Critical\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\"}}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"3.3.0\", \"version_affected\": \"=\"}]}, \"product_name\": \"R1510\"}]}, \"vendor_name\": \"Robustel\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572\", \"name\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_https_cert_file/` API is affected by command injection vulnerability.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-33313\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"talos-cna@cisco.com\", \"DATE_PUBLIC\": \"2022-06-30\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-33313\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-15T18:59:46.613Z\", \"dateReserved\": \"2022-06-14T00:00:00.000Z\", \"assignerOrgId\": \"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b\", \"datePublished\": \"2022-06-30T19:05:34.567Z\", \"assignerShortName\": \"talos\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2022-51429

Vulnerability from cnvd - Published: 2022-07-14

Title

Robustel R1510操作系统命令注入漏洞（CNVD-2022-51429）

Description

Robustel R1510是中国Robustel公司的一款工业VPN路由器。 Robustel R1510存在操作系统命令注入漏洞，该漏洞源于特制的网络数据包可在`/action/import_https_cert_file/`API中受到命令注入漏洞的影响，攻击者可利用该漏洞导致任意命令执行。

Severity

高

Patch Name

Robustel R1510操作系统命令注入漏洞（CNVD-2022-51429）的补丁

Patch Description

Robustel R1510是中国Robustel公司的一款工业VPN路由器。 Robustel R1510存在操作系统命令注入漏洞，该漏洞源于特制的网络数据包可在`/action/import_https_cert_file/`API中受到命令注入漏洞的影响，攻击者可利用该漏洞导致任意命令执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://talosintelligence.com/vulnerability_reports/TALOS-2022-1573

Reference

https://cxsecurity.com/cveshow/CVE-2022-33313/

Impacted products

Name
Robustel R1510 3.3.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-33313"
    }
  },
  "description": "Robustel R1510\u662f\u4e2d\u56fdRobustel\u516c\u53f8\u7684\u4e00\u6b3e\u5de5\u4e1aVPN\u8def\u7531\u5668\u3002\n\nRobustel R1510\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7279\u5236\u7684\u7f51\u7edc\u6570\u636e\u5305\u53ef\u5728`/action/import_https_cert_file/`API\u4e2d\u53d7\u5230\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u5f71\u54cd\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4efb\u610f\u547d\u4ee4\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2022-1573",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-51429",
  "openTime": "2022-07-14",
  "patchDescription": "Robustel R1510\u662f\u4e2d\u56fdRobustel\u516c\u53f8\u7684\u4e00\u6b3e\u5de5\u4e1aVPN\u8def\u7531\u5668\u3002\r\n\r\nRobustel R1510\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7279\u5236\u7684\u7f51\u7edc\u6570\u636e\u5305\u53ef\u5728`/action/import_https_cert_file/`API\u4e2d\u53d7\u5230\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u5f71\u54cd\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4efb\u610f\u547d\u4ee4\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Robustel R1510\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2022-51429\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Robustel R1510 3.3.0"
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2022-33313/",
  "serverity": "\u9ad8",
  "submitTime": "2022-07-04",
  "title": "Robustel R1510\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2022-51429\uff09"
}

GHSA-5H82-G2M2-RMRV

Vulnerability from github – Published: 2022-07-01 00:01 – Updated: 2022-07-13 00:00

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-33313"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-30T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_https_cert_file/` API is affected by command injection vulnerability.",
  "id": "GHSA-5h82-g2m2-rmrv",
  "modified": "2022-07-13T00:00:41Z",
  "published": "2022-07-01T00:01:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33313"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-33313

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-33313

Aliases

CVE-2022-33313

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-33313",
    "description": "Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_https_cert_file/` API is affected by command injection vulnerability.",
    "id": "GSD-2022-33313"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-33313"
      ],
      "details": "Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_https_cert_file/` API is affected by command injection vulnerability.",
      "id": "GSD-2022-33313",
      "modified": "2023-12-13T01:19:22.876636Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "talos-cna@cisco.com",
        "DATE_PUBLIC": "2022-06-30",
        "ID": "CVE-2022-33313",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "R1510",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "3.3.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Robustel"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_https_cert_file/` API is affected by command injection vulnerability."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": 9.1,
          "baseSeverity": "Critical",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572",
            "refsource": "MISC",
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:robustel:r1510_firmware:3.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:robustel:r1510:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2022-33313"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_https_cert_file/` API is affected by command injection vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-07-12T19:55Z",
      "publishedDate": "2022-06-30T19:15Z"
    }
  }
}

VAR-202206-2267

Vulnerability from variot - Updated: 2024-08-14 13:22

Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The /action/import_https_cert_file/ API is affected by command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2267",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "r1510",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "robustel",
        "version": "3.3.0"
      },
      {
        "model": "r1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "robustel",
        "version": null
      },
      {
        "model": "r1510",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "robustel",
        "version": null
      },
      {
        "model": "r1510",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "robustel",
        "version": "r1510  firmware  3.3.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-51429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012747"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-33313"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2897"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2022-33313",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-33313",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2022-51429",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-33313",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "talos-cna@cisco.com",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.3,
            "id": "CVE-2022-33313",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-33313",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-33313",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "talos-cna@cisco.com",
            "id": "CVE-2022-33313",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-33313",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-51429",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202206-2897",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-33313",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-51429"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-33313"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012747"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2897"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-33313"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-33313"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_https_cert_file/` API is affected by command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-33313"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012747"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-51429"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-33313"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-33313",
        "trust": 3.9
      },
      {
        "db": "TALOS",
        "id": "TALOS-2022-1572",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012747",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-51429",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022071513",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2897",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-33313",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-51429"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-33313"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012747"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2897"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-33313"
      }
    ]
  },
  "id": "VAR-202206-2267",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-51429"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-51429"
      }
    ]
  },
  "last_update_date": "2024-08-14T13:22:04.941000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Robustel R1510 Operating System Command Injection Vulnerability (CNVD-2022-51429)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/339286"
      },
      {
        "title": "Robustel R1510 Fixes for operating system command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198385"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-51429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2897"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012747"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-33313"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1572"
      },
      {
        "trust": 1.2,
        "url": "https://cxsecurity.com/cveshow/cve-2022-33313/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-33313"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022071513"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-51429"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-33313"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012747"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2897"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-33313"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-51429"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-33313"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012747"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2897"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-33313"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-51429"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-33313"
      },
      {
        "date": "2023-09-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-012747"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2897"
      },
      {
        "date": "2022-06-30T19:15:08.447000",
        "db": "NVD",
        "id": "CVE-2022-33313"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-51429"
      },
      {
        "date": "2022-07-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-33313"
      },
      {
        "date": "2023-09-01T08:14:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-012747"
      },
      {
        "date": "2022-07-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2897"
      },
      {
        "date": "2022-07-12T19:55:08.477000",
        "db": "NVD",
        "id": "CVE-2022-33313"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2897"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "robustel\u00a0 of \u00a0r1510\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012747"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2897"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2022-33313

Vulnerability from fkie_nvd - Published: 2022-06-30 19:15 - Updated: 2024-11-21 07:08

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	talos-cna@cisco.com	https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572	Exploit, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	robustel	r1510_firmware	3.3.0
	robustel	r1510	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:robustel:r1510_firmware:3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F5663AF-C644-4A6A-A446-6B2F6E865528",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:robustel:r1510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70006835-1E28-4F2C-B84D-C1B8B3C9EB93",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_https_cert_file/` API is affected by command injection vulnerability."
    },
    {
      "lang": "es",
      "value": "Se presentan m\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos en las funcionalidades de los endpoints de acci\u00f3n del servidor web de Robustel R1510 versi\u00f3n 3.3.0. Una petici\u00f3n de red especialmente dise\u00f1ada puede conllevar a una ejecuci\u00f3n de un comando arbitrario. Un atacante puede enviar una secuencia de peticiones para desencadenar estas vulnerabilidades. La API \"/action/import_https_cert_file/\" est\u00e1 afectada por una vulnerabilidad de inyecci\u00f3n de comandos"
    }
  ],
  "id": "CVE-2022-33313",
  "lastModified": "2024-11-21T07:08:09.643",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "talos-cna@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-30T19:15:08.447",
  "references": [
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1572"
    }
  ],
  "sourceIdentifier": "talos-cna@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "talos-cna@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-33313 (GCVE-0-2022-33313)

CNVD-2022-51429

GHSA-5H82-G2M2-RMRV

GSD-2022-33313

VAR-202206-2267

FKIE_CVE-2022-33313

Tags

Sightings

Nomenclature