CVE-2022-46304

Name of the Vulnerable Software and Affected Versions ChangingTec ServiSign (affected versions not specified)

Description The issue is related to insufficient filtering for special characters in the connection response parameter. This allows an unauthenticated remote attacker to host a malicious website that, when accessed by the component user, can trigger command injection. As a result, the attacker can execute arbitrary system commands to perform various system operations or disrupt the service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.