CVE-2022-40282

The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21.
CVSS

No CVSS.

Configurations

No configuration.

History

30 Nov 2022, 23:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/170063/Hirschmann-Belden-BAT-C2-8.8.1.0R8-Command-Injection.html -

29 Nov 2022, 21:15

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/Nov/19 -

25 Nov 2022, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-25 05:15

Updated : 2022-11-30 23:15


NVD link : CVE-2022-40282

Mitre link : CVE-2022-40282


JSON object : View

Products Affected

No product.

CWE

No CWE.