Skip to content

Latest commit

 

History

History

CVE-2022-23332

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 

CVE-2022-23333

Command Injection Vulnerability (Remote Code Execution)

  • Product: VoIP Gateway
  • Model: ACOM508/ACOM516/ACOM532 (Ejoin Technology)
  • Affect Version:
    - 508-609-900-241-100-020 or below
    - 532-609-915-041-100-020 or below
  • CVSS: 8.8 High (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
  • Description:
    Command injection vulnerability in Manual Ping (Web UI) allows a remote attacker to inject arbitrary code via the field. Attack command needs to be split as the device only takes 5 strings each time through the web.
  • PoC Result: image