Vulnerabilities > CVE-2022-42457 - Unspecified vulnerability in Generex Cs141 Firmware
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by install.sh).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 8 | |
Hardware | 1 |
References
- https://github.com/hubertfarnsworth12/Generex-CS141-Authenticated-Remote-Command-Execution
- https://github.com/hubertfarnsworth12/Generex-CS141-Authenticated-Remote-Command-Execution
- https://github.dev/hubertfarnsworth12/Generex-CS141-Authenticated-Remote-Command-Execution
- https://github.dev/hubertfarnsworth12/Generex-CS141-Authenticated-Remote-Command-Execution
- https://www.generex.de/products/ups/
- https://www.generex.de/products/ups/
- https://www.generex.de/support/downloads/ups/cs141
- https://www.generex.de/support/downloads/ups/cs141
- https://www.generex.de/support/downloads/ups/cs141/update
- https://www.generex.de/support/downloads/ups/cs141/update