PT-2022-26440 · Generex · Generex Cs141

Published: 2022-10-06 · Updated: 2022-11-10 · CVE-2022-42457

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Generex CS141 versions 2.08 through 2.10

Description: The issue allows remote command execution by administrators via a web interface that reaches run update in /usr/bin/gxserve-update.sh. This can occur, for example, via a reverse shell installed by install.sh.

Recommendations: For versions 2.08 through 2.10, update to a version later than 2.10 to resolve the issue. As a temporary workaround, consider restricting access to the run update function in /usr/bin/gxserve-update.sh until a patch is available. Avoid using the install.sh script in the affected API endpoint until the issue is resolved.

Related Identifiers

CVE-2022-42457

Affected Products

Generex Cs141