CVE-2022-40022

🗓️ 13 Feb 2023 00:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 84 Views🌐 WEB

Microchip SyncServer S650 command injection vulnerabilit

Reporter	Title	Published	Views	Family All 13
0day.today	Symmetricom SyncServer Unauthenticated Remote Command Execution Exploit	17 Jun 202300:00	–	zdt
Circl	CVE-2022-40022	13 Jun 202322:37	–	circl
CNNVD	Microchip Technology (Microsemi) SyncServer S650 命令注入漏洞	13 Feb 202300:00	–	cnnvd
Cvelist	CVE-2022-40022	13 Feb 202300:00	–	cvelist
Metasploit	Symmetricom SyncServer Unauthenticated Remote Command Execution	14 Jun 202319:50	–	metasploit
Nuclei	Symmetricom SyncServer Unauthenticated - Remote Command Execution	6 Jun 202603:01	–	nuclei
NVD	CVE-2022-40022	13 Feb 202315:15	–	nvd
Packet Storm	Symmetricom SyncServer Unauthenticated Remote Command Execution	14 Jun 202300:00	–	packetstorm
Prion	Command injection	13 Feb 202315:15	–	prion
Rapid7 Blog	Metasploit Weekly Wrap-Up	16 Jun 202320:40	–	rapid7blog

NVD

Node

microchip syncserver_s650_firmwareMatch-

AND

microchip syncserver_s650Match-

Source	Link
microsemi	www.microsemi.com/campaigns/network-time-servers/syncserver-s600/
microsemi	www.microsemi.com/campaigns/network-time-servers/S650p/%3Fgd%3D1&id=5&gclid=Cj0KCQjwjbyYBhCdARIsAArC6LL-202ej5YfDB5lMIMSZ2735qjo5yaj2i-PrvLv2Cnh_kIJtFJ0oF8aAlMpEALw_wcB
securifera	www.securifera.com/advisories/CVE-2022-40022/
packetstormsecurity	www.packetstormsecurity.com/files/172907/Symmetricom-SyncServer-Unauthenticated-Remote-Command-Execution.html
microsemi	www.microsemi.com/document-portal/doc_download/135737-datasheet-syncserver-s650

Parameter	Position	Path	Description	CWE
hostname	request body	/controller/ping.php	Unauthenticated command injection via /controller/ping.php using the hostname parameter.	CWE-77

21 Mar 2025 19:15Current

9.7High risk

Vulners AI Score9.7

CVSS 3.19.8

EPSS0.90776

SSVC

cve-2022-40022 microchip technology microsemi syncserver s650 command injection vulnerability