Lucene search

CVE-2022-40282

🗓️ 25 Nov 2022 05:13:15Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 8 Media mentions👁 51 Views🌐 WEB

The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 6
Prion	Command injection	25 Nov 202205:15	–	prion
CNVD	Hirschmann BAT-C2 Command Injection Vulnerability	29 Nov 202200:00	–	cnvd
Cvelist	CVE-2022-40282	25 Nov 202200:00	–	cvelist
Packet Storm	Hirschmann (Belden) BAT-C2 8.8.1.0R8 Command Injection	30 Nov 202200:00	–	packetstorm
Vulnrichment	CVE-2022-40282	25 Nov 202200:00	–	vulnrichment
NVD	CVE-2022-40282	25 Nov 202205:15	–	nvd

Nvd

Node

belden hirschmann_bat-c2_firmwareRange<09.13.00r04

AND

belden hirschmann_bat-c2Match-

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/170063/Hirschmann-Belden-BAT-C2-8.8.1.0R8-Command-Injection.html
seclists	www.seclists.org/fulldisclosure/2022/Nov/19
belden	www.belden.com/support/security-assurance

Parameter	Position	Path	Description	CWE
ajax	request body	/	The dir parameter in the FsCreateDir Ajax function allows for command injection due to insufficient sanitization.	CWE-77
dir	request body	/	The dir parameter in the FsCreateDir Ajax function allows for command injection due to insufficient sanitization.	CWE-77

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

25 Nov 2022 05:15Current

9High risk

Vulners AI Score9

CVSS38.8

EPSS0.01547

SSVC

CWE-77