Vulnerabilities > CVE-2022-40282 - Unspecified vulnerability in Belden Hirschmann Bat-C2 Firmware

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

belden

NVD

Published: 2022-11-25

Updated: 2023-08-08

Summary

The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21.

Vulnerable Configurations

Part	Description	Count
OS	Belden Belden Hirschmann BAT C2 Firmware -	1
Hardware	Belden Belden Hirschmann BAT C2 -	1

References

https://www.belden.com/support/security-assurance
http://seclists.org/fulldisclosure/2022/Nov/19
http://packetstormsecurity.com/files/170063/Hirschmann-Belden-BAT-C2-8.8.1.0R8-Command-Injection.html