Vulnerabilities > Asus > NAS M25 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-12-01 CVE-2022-4221 OS Command Injection vulnerability in Asus Nas-M25 Firmware
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7.
network
low complexity
asus CWE-78
critical
9.8