CVE-2022-4221

CVSS V2 None CVSS V3 None
Description
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7.
Overview
  • CVE ID
  • CVE-2022-4221
  • Assigner
  • research@onekey.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-01T10:15:09
  • Last Modified Date
  • 2022-12-05T15:11:39
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:asus:nas-m25_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.1.7
cpe:2.3:h:asus:nas-m25:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://onekey.com/blog/security-advisory-asus-m25-nas-vulnerability/ Exploit Technical Description Third Party Advisory
History
Created Old Value New Value Data Type Notes
2022-12-07 18:05:49 Added to TrackCVE
2022-12-18 04:33:57 2022-12-01T10:15:09.863 2022-12-01T10:15:09 CVE Published Date updated
2022-12-18 04:33:57 2022-12-05T15:11:39 CVE Modified Date updated