PT-2022-26313 · Asus · Asus Nas-M25

Q. Kaiser · Published 2022-12-01 · Updated 2022-12-05 · CVE-2022-4221

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Asus NAS-M25 versions through 1.0.1.7

Description: Improper neutralization of special elements used in an OS command allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.

Recommendations: For Asus NAS-M25 versions through 1.0.1.7, as a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation. Avoid using unsanitized cookie values in OS commands until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2022-4221

Affected Products

Asus Nas-M25