CVE-2022-33325

Name of the Vulnerable Software and Affected Versions Robustel R1510 version 3.3.0

Description The issue is related to command injection vulnerabilities in the web server's ajax endpoints functionalities. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The /ajax/clear tools log/ API endpoint is affected by a command injection vulnerability. The vulnerability is also related to the implementation of the clear tools log() function, which fails to neutralize special elements used in the operating system command, allowing a remote attacker to execute arbitrary commands by sending specially crafted requests.

Recommendations For Robustel R1510 version 3.3.0, as a temporary workaround, consider disabling the clear tools log() function until a patch is available. Restrict access to the /ajax/clear tools log/ API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.