Vulnerabilities > CVE-2023-2522 - Unspecified vulnerability in Feiyuxing Vec40G Firmware 3.0

047910
CVSS 7.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
feiyuxing

Summary

A vulnerability was found in Chengdu VEC40G 3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=access_detect of the component Network Detection. The manipulation of the argument COUNT with the input 3 | netstat -an leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228013 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerable Configurations

Part Description Count
OS
Feiyuxing
1
Hardware
Feiyuxing
1