China National Vulnerability DatabaseCNVD-2022-08928Fiberhome FiberHome ONU GPON OS Command Injection Vulnerability
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.009 Low
EPSS
Percentile
82.4%
Fiberhome FiberHome ONU GPON is a router from Fiberhome, China.FiberHome ONU GPON AN5506-04-F RP2617 is vulnerable to an operating system command injection vulnerability, which originates from FiberHome ONU GPON AN5506-04-F RP2617 is affected by an operating system command injection vulnerability. The vulnerability allows an attacker to send commands to the operating system as the root user after logging in via the ping diagnostic tool, bypassing the IP address field and using a semicolon to connect to the operating system commands.
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.009 Low
EPSS
Percentile
82.4%