M50 Firmware
CVE-2022-45717
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request.
AnalysisAI
IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request. Affected products include: Ip-Com M50 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.
More in M50 Firmware
View allIP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the hostname parameter in
IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the picName parameter in the formDelWewifi
IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the ip, mac, and remark parameters
IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the gotoUrl parameter in the formPortalAut
IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formIPMacBindAd
IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formIPMacBin
IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pLanPortRange and pWanPortRang
IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formQOSRuleD
IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formAddDnsForwa
IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pEnable, pLevel, and pModule p
IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection vulnerabilities via the pEnable, pLev
IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the sPortMapIndex parameter in the formDel
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today