PT-2023-3038 · Unknown · Onewireless

Published 2023-05-30 · Updated 2023-06-06 · CVE-2022-46361

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: OneWireless versions up to 322.1

Description: The issue allows an attacker with physical access to the system to execute unwanted commands by plugging in a USB device. A malicious user could also enter a system command along with a backup configuration, resulting in the execution of unwanted commands. This can be exploited remotely, potentially allowing an attacker to execute arbitrary commands.

Recommendations: For versions up to 322.1, update to version 322.2 to resolve the issue. As a temporary workaround, consider restricting physical access to the system and limiting the ability to plug in USB devices. Restrict access to system commands and backup configurations to minimize the risk of exploitation.

Fix

Command Injection

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-03103
CVE-2022-46361

Affected Products

Onewireless