Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-40740

Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.

Published

2023-01-03T03:15:09.960

Last Modified

2024-11-21T07:21:57.663

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Secondary
CWE-78
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	realtek	usdk	1.0	Yes
Application	realtek	usdk	2.0	Yes
Application	realtek	usdk	2.2	Yes
Application	realtek	xpon_software_development_kit	1.9	Yes
Application	realtek	xpon_software_development_kit	3.3	Yes
Application	realtek	xpon_software_development_kit	4.0	Yes
Application	realtek	xpon_software_development_kit	4.1	Yes

References

https://www.twcert.org.tw/tw/cp-132-6831-19121-1.html Third Party Advisory, VDB Entry ([email protected])
https://www.twcert.org.tw/tw/cp-132-6831-19121-1.html Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)