Vulnerability Description
Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intelbras | Wifiber 120Ac Inmesh Firmware | >= 1.1-220216, < 1.1-220826 |
| Intelbras | Wifiber 120Ac Inmesh | - |
Related Weaknesses (CWE)
References
- https://cyberdanube.com/en/authenticated-command-injection-in-intelbras-wifiber-ExploitPatchThird Party Advisory
- https://seclists.org/fulldisclosure/2022/Dec/13ExploitMailing ListPatch
- https://cyberdanube.com/en/authenticated-command-injection-in-intelbras-wifiber-ExploitPatchThird Party Advisory
- https://seclists.org/fulldisclosure/2022/Dec/13ExploitMailing ListPatch
FAQ
What is CVE-2022-40005?
CVE-2022-40005 is a vulnerability with a CVSS score of 8.8 (HIGH). Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute.
How severe is CVE-2022-40005?
CVE-2022-40005 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-40005?
Check the references section above for vendor advisories and patch information. Affected products include: Intelbras Wifiber 120Ac Inmesh Firmware, Intelbras Wifiber 120Ac Inmesh.