Vulnerabilities > CVE-2022-37861 - Unspecified vulnerability in Tenhot Tws-100 Firmware 4.0201809201424

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

tenhot

critical

NVD

Published: 2022-09-15

Updated: 2022-09-20

Summary

There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution system command through the network tools in the network diagnostic component.

Vulnerable Configurations

Part	Description	Count
OS	Tenhot Tenhot TWS 100 Firmware 4.0-201809201424	1
Hardware	Tenhot Tenhot TWS 100 -	1

References

http://www.tenhot.net/html/pro/wgzly/111704.html
https://gist.github.com/ox01024/784894c27213c5a765b5c8f8375db256