CVE-2022-33327

Name of the Vulnerable Software and Affected Versions Robustel R1510 version 3.3.0

Description Multiple command injection vulnerabilities exist in the web server ajax endpoints functionalities. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The /ajax/remove sniffer raw log/ API endpoint is affected by a command injection vulnerability. The issue is related to the remove sniffer raw log() function, which does not properly neutralize special elements used in the operating system command, allowing a remote attacker to execute arbitrary commands by sending specially crafted requests.

Recommendations For Robustel R1510 version 3.3.0, as a temporary workaround, consider disabling the remove sniffer raw log() function until a patch is available. Restrict access to the /ajax/remove sniffer raw log/ API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.