admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-21 18:30:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2022-35405

Browse Source
This commit is contained in:
之乎者也 2023-04-13 15:32:48 +08:00 committed by GitHub
parent 8059008595
commit cbbbec7d95
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2022-35405 Normal file
View File

@ -0,0 +1,12 @@
## CaiMore Gateway formping file Command Execution Vulnerability (CVE-2022-35405)
| **Vulnerability** | **CaiMore Gateway formping file Command Execution Vulnerability** |
| :----: | :-----|
| **Chinese name** | 厦门才茂通信科技有限公司网关 formping 文件命令执行漏洞 |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [banner=\"Basic realm=\\\"CaiMore\" \|\| header=\"Basic realm=\\\"CaiMore\"](https://en.fofa.info/result?qbase64=YmFubmVyPSJCYXNpYyByZWFsbT1cXFwiQ2FpTW9yZSIgfHwgaGVhZGVyPSJCYXNpYyByZWFsbT1cXFwiQ2FpTW9yZSI%3D) |
| **Number of assets affected** | 1265 |
| **Description** | The gateway of Xiamen Caimao Communication Technology Co., Ltd. is designed with open software architecture. It is a metal shell design, with two Ethernet RJ45 interfaces, and an industrial design wireless gateway using 3G/4G/5G wide area network for Internet communication. There is a command execution vulnerability in the formping file of the gateway of Xiamen Caimao Communication Technology Co., Ltd. An attacker can use this vulnerability to arbitrarily execute code on the server side, write to the back door, obtain server permissions, and then control the entire web server. |
| **Impact** | Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
![](https://s3.bmp.ovh/imgs/2023/04/12/7d6fdb188ac503b5.gif)