CVE-2022-36510

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions H3C GR2200 MiniGR1A0V100R014

Description A command injection issue was discovered, which can be exploited via the param parameter at the DelL2tpLNSList endpoint.

Recommendations For H3C GR2200 MiniGR1A0V100R014, consider restricting access to the DelL2tpLNSList endpoint to minimize the risk of exploitation. Avoid using the param parameter in this endpoint until the issue is resolved.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2022-36510

Affected Products

H3C Gr-2200

CVE-2022-36510

Weakness Enumeration

Related Identifiers

Affected Products

References · 4