Vulnerability Description
Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by install.sh).
CVSS Score
9.1 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Generex | Cs141 Firmware | <= 2.10 |
| Generex | Cs141 | - |
References
- https://github.com/hubertfarnsworth12/Generex-CS141-Authenticated-Remote-Command (Exploit, Third Party Advisory)
- https://github.dev/hubertfarnsworth12/Generex-CS141-Authenticated-Remote-Command (Permissions Required, Third Party Advisory)
- https://www.generex.de/products/ups/ (Product, Vendor Advisory)
- https://www.generex.de/support/downloads/ups/cs141 (Product, Vendor Advisory)
- https://www.generex.de/support/downloads/ups/cs141/update (Release Notes, Vendor Advisory)
FAQ
What is CVE-2022-42457?
CVE-2022-42457 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse ...
How severe is CVE-2022-42457?
CVE-2022-42457 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-42457?
Check the references section above for vendor advisories and patch information. Affected products include: Generex Cs141 Firmware, Generex Cs141.