PT-2022-19689 · Unknown · Resi Gemini-Net

Alessandro Bosco +3

Published: 2022-05-12 · Updated: 2023-08-08

CVE-2022-29539

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: RESI Gemini-Net version 4.2

Description: The issue is an OS Command Injection: the software does not properly check the parameters it receives as input before they are processed on the server. Because user input is not validated, an unauthenticated attacker can break out of the syntax intended by the software and inject arbitrary system commands that run with the privileges of the application user. This is achieved by concatenating commands using separator characters such as &|;r.

Recommendations: For RESI Gemini-Net version 4.2, implement input validation to prevent arbitrary system command injection. As a temporary workaround, restrict access to the resi-calltrace component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
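The input-validation recommendation above, as an added illustration that is not RESI's code: the page does not say which parameter resi-calltrace accepts or which binary it runs, so the hostname parameter, the /usr/bin/traceroute stand-in and the separator list are assumptions. The fix has two halves: an allowlist check on the parameter, and an argv-style call so the shell never parses it.

```python
import re
import subprocess

# Hypothetical stand-in for whatever resi-calltrace executes (not on the page).
TRACE_BINARY = "/usr/bin/traceroute"

# Separator characters named in the advisory (&, |, ;) plus CR/LF, which shells
# also treat as command terminators. Useful for logging/alerting on rejected input.
SEPARATORS = set("&|;\r\n")

# Allowlist: a syntactically valid DNS hostname and nothing else. A leading '-'
# cannot match, so the value can never be taken as an option by the binary.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def vulnerable_command(target: str) -> str:
    """The flawed pattern: a shell string built by concatenation. Any separator
    inside `target` ends the intended command and starts an attacker's one.
    Shown for contrast only; never pass this to os.system()/shell=True."""
    return TRACE_BINARY + " " + target


def contains_separator(value: str) -> bool:
    """Detection helper: True if the raw parameter carries a shell separator."""
    return any(ch in SEPARATORS for ch in value)


def validate_target(target: str) -> str:
    """Allowlist validation: reject everything that is not a plain hostname."""
    if not HOSTNAME_RE.fullmatch(target):
        raise ValueError(f"rejected target parameter: {target!r}")
    return target


def safe_argv(target: str) -> list[str]:
    """Argument vector for subprocess.run(shell=False): the validated target is
    a single argv element, so no shell ever interprets it."""
    return [TRACE_BINARY, validate_target(target)]


def run_trace(target: str) -> subprocess.CompletedProcess:
    """Hardened execution path: validate, then exec without a shell."""
    return subprocess.run(safe_argv(target), shell=False,
                          capture_output=True, text=True, timeout=30)
```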

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2022-29539

Affected Products

Resi Gemini-Net