PT-2022-6051 · Hirschmann · Hirschmann Bat-C2

Thomas Weber · Published 2022-11-25 · Updated 2025-04-29 · CVE-2022-40282

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Hirschmann BAT-C2 versions prior to 09.13.01.00R04

Description

Insufficient argument checking in the FsCreateDir Ajax function of the Hirschmann BAT-C2 web interface allows an authenticated attacker to inject commands. The injection point is the dir parameter, through which the attacker can execute arbitrary commands on the system.

Recommendations

For versions prior to 09.13.01.00R04, update to version 09.13.01.00R04 or later to resolve the issue. As a temporary workaround, consider restricting access to the FsCreateDir Ajax function to minimize the risk of exploitation. Additionally, avoid using the dir parameter in the affected function until the issue is resolved.

Exploit

Fix

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2022-07515
CVE-2022-40282

Affected Products

Hirschmann Bat-C2