CVE-2022-31208

Name of the Vulnerable Software and Affected Versions Infiray IRAY-A8Z3 version 1.0.957

Description The issue is related to the webserver of the Infiray IRAY-A8Z3, which contains an endpoint that can execute arbitrary commands. This can be achieved by manipulating the cmd string URL parameter. The vulnerability is associated with incorrect code generation management, allowing an attacker to execute arbitrary code using the cmd string parameter.

Recommendations For Infiray IRAY-A8Z3 version 1.0.957, as a temporary workaround, consider restricting access to the vulnerable endpoint or disabling the use of the cmd string parameter until a patch is available. Avoid using the cmd string parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.