PT-2022-21703 · Unknown · Rg-Eg Series Gateway Eg350 Eg Rgos

Juneha

Published

2022-06-25

Updated

2022-07-11

CVE-2022-33128

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions RG-EG series gateway EG350 EG RGOS version 11.1(6)

Description The issue is related to a SQL injection vulnerability. It can be exploited via the get alarmAction function at the "/alarm pi/alarmService.php" API endpoint.

Recommendations For RG-EG series gateway EG350 EG RGOS version 11.1(6), consider disabling the get alarmAction function at the "/alarm pi/alarmService.php" API endpoint as a temporary workaround until a patch is available.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2022-33128

Affected Products

Rg-Eg Series Gateway Eg350 Eg Rgos

PT-2022-21703 · Unknown · Rg-Eg Series Gateway Eg350 Eg Rgos

CVE-2022-33128

Weakness Enumeration

Related Identifiers

Affected Products

References · 4