Vulnerability Description
Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit the insecure 'source' parameter by injecting commands that are executed with root privileges, enabling remote code execution through a crafted POST request.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://www.algosolutions.com/
- https://www.algosolutions.com/firmware-downloads/8028-firmware-selection/
- https://www.exploit-db.com/exploits/50960
- https://www.vulncheck.com/advisories/algo-control-panel-remote-code-execution-rc
FAQ
What is CVE-2022-50909?
CVE-2022-50909 is a vulnerability with a CVSS score of 8.8 (HIGH). Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit th...
How severe is CVE-2022-50909?
CVE-2022-50909 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-50909?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.