CVE-2022-31808

Name of the Vulnerable Software and Affected Versions SiPass integrated AC5102 (ACC-G2) versions prior to V2.85.44 SiPass integrated ACC-AP versions prior to V2.85.43

Description A vulnerability has been identified in the telnet command line interface of the affected devices, where they improperly sanitize user input. This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges. The issue is related to errors in processing input data, which can be exploited to execute arbitrary code in the context of the root user.

Recommendations For SiPass integrated AC5102 (ACC-G2) versions prior to V2.85.44, update to version V2.85.44 or later to resolve the issue. For SiPass integrated ACC-AP versions prior to V2.85.43, update to version V2.85.43 or later to resolve the issue. As a temporary workaround, consider restricting access to the telnet command line interface until a patch is available.