CVE-2022-46304

ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perform arbitrary system operation or disrupt service.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-6800-b5cf6-1.html Third Party Advisory VDB Entry
https://www.twcert.org.tw/tw/cp-132-6800-b5cf6-1.html Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:changingtec:servisign:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:30

Type Values Removed Values Added
New CVE

Information

Published : 2023-01-03 03:15

Updated : 2024-11-21 07:30


NVD link : CVE-2022-46304

Mitre link : CVE-2022-46304

CVE.ORG link : CVE-2022-46304


JSON object : View

Products Affected

changingtec

  • servisign
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')