PT-2022-19699 · Siemens · Ruggedcom Rox Rx1500+8

Published: 2022-07-12 · Updated: 2022-07-19 · CVE-2022-29560

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

RUGGEDCOM ROX MX5000 versions prior to 2.15.1
RUGGEDCOM ROX MX5000RE versions prior to 2.15.1
RUGGEDCOM ROX RX1400 versions prior to 2.15.1
RUGGEDCOM ROX RX1500 versions prior to 2.15.1
RUGGEDCOM ROX RX1501 versions prior to 2.15.1
RUGGEDCOM ROX RX1510 versions prior to 2.15.1
RUGGEDCOM ROX RX1511 versions prior to 2.15.1
RUGGEDCOM ROX RX1512 versions prior to 2.15.1
RUGGEDCOM ROX RX1524 versions prior to 2.15.1
RUGGEDCOM ROX RX1536 versions prior to 2.15.1
RUGGEDCOM ROX RX5000 versions prior to 2.15.1

Description

The affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user.

Recommendations

For RUGGEDCOM ROX MX5000 versions prior to 2.15.1, update to version 2.15.1 or later.
For RUGGEDCOM ROX MX5000RE versions prior to 2.15.1, update to version 2.15.1 or later.
For RUGGEDCOM ROX RX1400 versions prior to 2.15.1, update to version 2.15.1 or later.
For RUGGEDCOM ROX RX1500 versions prior to 2.15.1, update to version 2.15.1 or later.
For RUGGEDCOM ROX RX1501 versions prior to 2.15.1, update to version 2.15.1 or later.
For RUGGEDCOM ROX RX1510 versions prior to 2.15.1, update to version 2.15.1 or later.
For RUGGEDCOM ROX RX1511 versions prior to 2.15.1, update to version 2.15.1 or later.
For RUGGEDCOM ROX RX1512 versions prior to 2.15.1, update to version 2.15.1 or later.
For RUGGEDCOM ROX RX1524 versions prior to 2.15.1, update to version 2.15.1 or later.
For RUGGEDCOM ROX RX1536 versions prior to 2.15.1, update to version 2.15.1 or later.
For RUGGEDCOM ROX RX5000 versions prior to 2.15.1, update to version 2.15.1 or later.

Fix

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2022-29560

Affected Products

Ruggedcom Rox Mx5000
Ruggedcom Rox Rx1400
Ruggedcom Rox Rx1500
Ruggedcom Rox Rx1501
Ruggedcom Rox Rx1510
Ruggedcom Rox Rx1511
Ruggedcom Rox Rx1512
Ruggedcom Rox Rx1524
Ruggedcom Rox Rx1536