PT-2022-3891 · Robustel · Robustel R1510

Francesco Benvenuto · Published 2022-06-14 · Updated 2022-10-13 · CVE-2022-33329

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Robustel R1510 version 3.3.0

Description: The issue is an OS command injection vulnerability in the web server's ajax endpoint functionality. The /ajax/set_sys_time/ API endpoint builds an operating system command from request data without neutralizing special elements, so a specially crafted HTTP request can lead to arbitrary command execution. As the CVSS vector indicates, the endpoint is reachable over the network without authentication or user interaction.

Recommendations: For Robustel R1510 version 3.3.0, disable or block access to the /ajax/set_sys_time/ API endpoint until a patch is available. Restrict the web management interface to trusted networks so that the set_sys_time functionality cannot be reached by untrusted clients, and avoid using the set_sys_time function until the issue is resolved.
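The pattern behind this advisory (CWE-78: the request value is spliced into a shell command and the shell interprets metacharacters as command separators) and its hardened counterpart, as an added example that is not code from the advisory, from Positive Technologies or from the Robustel firmware. The request key "time", the timestamp format and the `date -s` command are assumptions for illustration only; the advisory does not disclose the real parameter or payload.

```python
"""
Added example (not from the advisory or from Robustel firmware): a minimal
model of a "set system time" web handler showing the command-injection
pattern next to a hardened version. The request key "time", the timestamp
format and the `date -s` command are assumptions for illustration.
"""
import re
import shlex
import subprocess
from datetime import datetime

# Constructed sample requests (not captured traffic). The key name is assumed.
BENIGN_REQUEST = {"time": "2022-06-14 10:00:00"}
MALICIOUS_REQUEST = {"time": "2022-06-14 10:00:00; id"}


def vulnerable_command(request: dict) -> str:
    """Vulnerable pattern: the untrusted value is concatenated into a shell
    command string with no neutralization of special elements. Returns the
    string that would be handed to /bin/sh -c (deliberately not executed)."""
    return "date -s " + request.get("time", "")


def shell_command_count(cmdline: str) -> int:
    """Count how many separate commands /bin/sh would run for a command line,
    by tokenizing it the way a shell does and counting command separators."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    separators = {";", "&&", "||", "|", "&"}
    return 1 + sum(1 for tok in lexer if tok in separators)


# Allowlist: exactly one YYYY-MM-DD HH:MM:SS timestamp and nothing else.
TIME_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")


def hardened_argv(request: dict) -> list:
    """Hardened pattern: validate the value against an allowlist, then build
    an argv list to be executed without a shell. Raises ValueError otherwise."""
    value = request.get("time", "")
    if not TIME_RE.fullmatch(value):
        raise ValueError("rejected: value is not a YYYY-MM-DD HH:MM:SS timestamp")
    # The regex still admits impossible dates (e.g. month 13); parsing rejects them.
    datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
    return ["date", "-s", value]


def is_accepted(request: dict) -> bool:
    """True if the hardened handler would accept the request."""
    try:
        hardened_argv(request)
        return True
    except ValueError:
        return False


def run_without_shell(argv: list) -> str:
    """Execute argv directly (no /bin/sh), so each element, metacharacters
    included, reaches the program as one literal argument."""
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    cmd = vulnerable_command(MALICIOUS_REQUEST)
    print(repr(cmd), "->", shell_command_count(cmd), "commands for /bin/sh")
    print("hardened:", hardened_argv(BENIGN_REQUEST))
    print("hardened accepts malicious request:", is_accepted(MALICIOUS_REQUEST))
    # Substituting echo for date shows the injected text is inert without a shell.
    print(run_without_shell(["echo", MALICIOUS_REQUEST["time"]]), end="")
```

The two defences are independent: the allowlist rejects anything that is not a timestamp, and executing an argv list without a shell means that even a value that slipped past validation could never become a second command, which is why `run_without_shell(["echo", "…; id"])` simply prints the literal text.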

Exploit

Fix

Weakness Enumeration: OS Command Injection

Related Identifiers: BDU:2022-04701, CVE-2022-33329

Affected Products: Robustel R1510