ID
VAR-202209-2127
CVE
CVE-2022-41870
TITLE
innovaphone AG of innovaphone Command injection vulnerability in firmware
Trust: 0.8
DESCRIPTION
AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. innovaphone AG of innovaphone Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. innovaphone AG is an expert in the IP telephony field of German innovaphone AG company that provides personalized and complex business communication solutions. Attackers exploit this vulnerability to modify service IDs and inject commands
Trust: 1.8
AFFECTED PRODUCTS
| vendor: | innovaphone | model: | innovaphone | scope: | eq | version: | 13r2 | Trust: 1.0 |
| vendor: | innovaphone | model: | innovaphone | scope: | lt | version: | 13r2 | Trust: 1.0 |
| vendor: | innovaphone | model: | innovaphone | scope: | eq | version: | innovaphone firmware 13r2 | Trust: 0.8 |
| vendor: | innovaphone | model: | innovaphone | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | innovaphone | model: | innovaphone | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-77 | Trust: 1.1 |
| problemtype: | Command injection (CWE-77) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
command injection
Trust: 0.6
PATCH
| title: | innovaphone AG Fixes for command injection vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=210288 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-41870 | Trust: 3.4 |
| db: | JVNDB | id: | JVNDB-2022-018049 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202209-3165 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-429146 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2022-41870 | Trust: 0.1 |
REFERENCES
| url: | http://wiki.innovaphone.com/index.php?title=reference13r2:release_notes_security | Trust: 2.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-41870 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-41870/ | Trust: 0.6 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | VULHUB | id: | VHN-429146 |
| db: | VULMON | id: | CVE-2022-41870 |
| db: | JVNDB | id: | JVNDB-2022-018049 |
| db: | CNNVD | id: | CNNVD-202209-3165 |
| db: | NVD | id: | CVE-2022-41870 |
LAST UPDATE DATE
2025-05-22T23:07:16.075000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-429146 | date: | 2022-10-11T00:00:00 |
| db: | VULMON | id: | CVE-2022-41870 | date: | 2022-09-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-018049 | date: | 2023-10-18T08:09:00 |
| db: | CNNVD | id: | CNNVD-202209-3165 | date: | 2022-10-12T00:00:00 |
| db: | NVD | id: | CVE-2022-41870 | date: | 2025-05-20T19:15:48.370 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-429146 | date: | 2022-09-30T00:00:00 |
| db: | VULMON | id: | CVE-2022-41870 | date: | 2022-09-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-018049 | date: | 2023-10-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-202209-3165 | date: | 2022-09-30T00:00:00 |
| db: | NVD | id: | CVE-2022-41870 | date: | 2022-09-30T18:15:11.973 |