Details of VAR-202306-0187

ID

VAR-202306-0187

CVE

CVE-2022-47616

TITLE

Hitron Technologies Inc. of coda-5310 in the firmware OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-023138

DESCRIPTION

Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. Hitron Technologies Inc. of coda-5310 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Hitron Technologies CODA-5310 has a remote command execution vulnerability

Trust: 2.25

sources: NVD: CVE-2022-47616 // JVNDB: JVNDB-2022-023138 // CNVD: CNVD-2023-45451 // VULMON: CVE-2022-47616

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-45451

AFFECTED PRODUCTS

vendor:	hitron	model:	coda-5310	scope:	-	version:	-	Trust: 1.4
vendor:	hitrontech	model:	coda-5310	scope:	eq	version:	-	Trust: 1.0
vendor:	hitron	model:	coda-5310	scope:	eq	version:	-	Trust: 0.8
vendor:	hitron	model:	coda-5310	scope:	eq	version:	coda-5310 firmware	Trust: 0.8

sources: CNVD: CNVD-2023-45451 // JVNDB: JVNDB-2022-023138 // NVD: CVE-2022-47616

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-47616
value:	HIGH
Trust: 1.0
twcert@cert.org.tw:	CVE-2022-47616
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-47616
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2023-45451
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202306-120
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2023-45451
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-47616
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2022-47616
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-45451 // JVNDB: JVNDB-2022-023138 // CNNVD: CNNVD-202306-120 // NVD: CVE-2022-47616 // NVD: CVE-2022-47616

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023138 // NVD: CVE-2022-47616

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202306-120

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202306-120

PATCH

title:	Patch for Hitron Technologies CODA-5310 Remote Command Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/431961	Trust: 0.6
title:	Hitron Technologies CODA Fixes for operating system command injection vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=240166	Trust: 0.6

sources: CNVD: CNVD-2023-45451 // CNNVD: CNNVD-202306-120

EXTERNAL IDS

db:	NVD	id:	CVE-2022-47616	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-023138	Trust: 0.8
db:	CNVD	id:	CNVD-2023-45451	Trust: 0.6
db:	CNNVD	id:	CNNVD-202306-120	Trust: 0.6
db:	VULMON	id:	CVE-2022-47616	Trust: 0.1

sources: CNVD: CNVD-2023-45451 // VULMON: CVE-2022-47616 // JVNDB: JVNDB-2022-023138 // CNNVD: CNNVD-202306-120 // NVD: CVE-2022-47616

REFERENCES

url:	https://www.twcert.org.tw/tw/cp-132-7082-373d5-1.html	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-47616	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-47616/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2023-45451 // VULMON: CVE-2022-47616 // JVNDB: JVNDB-2022-023138 // CNNVD: CNNVD-202306-120 // NVD: CVE-2022-47616

SOURCES

db:	CNVD	id:	CNVD-2023-45451
db:	VULMON	id:	CVE-2022-47616
db:	JVNDB	id:	JVNDB-2022-023138
db:	CNNVD	id:	CNNVD-202306-120
db:	NVD	id:	CVE-2022-47616

LAST UPDATE DATE

2024-08-14T15:26:36.074000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-45451	date:	2023-06-09T00:00:00
db:	VULMON	id:	CVE-2022-47616	date:	2023-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2022-023138	date:	2023-11-27T08:13:00
db:	CNNVD	id:	CNNVD-202306-120	date:	2023-06-05T00:00:00
db:	NVD	id:	CVE-2022-47616	date:	2023-06-09T22:42:27.727

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-45451	date:	2023-06-09T00:00:00
db:	VULMON	id:	CVE-2022-47616	date:	2023-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2022-023138	date:	2023-11-27T00:00:00
db:	CNNVD	id:	CNNVD-202306-120	date:	2023-06-02T00:00:00
db:	NVD	id:	CVE-2022-47616	date:	2023-06-02T11:15:09.997