以下内容均摘自互联网,由于传播、利用此文所提供的信息而造成的任何直接或间接的后果和损失,均由使用者本人负责,银弹实验室以及文章作者不承担任何责任。
1. Feixun fir302b A2 路由器授权命令注入漏洞
2. Cisco Small Business路由器授权命令注入漏洞
3. Cisco Small Business路由器缓冲区溢出漏洞
1. Feixun fir302b A2 路由器授权命令注入漏洞
漏洞编号
CVE-2022-27373
漏洞介绍
上海斐讯数据通信技术有限公司路由器fir302b A2通过Ping功能被发现存在远程命令执行(RCE)漏洞。
Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to contain a remote command execution (RCE) vulnerability via the Ping function.
影响范围
Feixun fir302b A2
厂商修复状态
暂未修复
漏洞类型
命令注入漏洞
漏洞危害
授权攻击者可以远程执行任意命令
漏洞数据来源
MITRE
漏洞详情链接
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27373
CVE 编号分配日期
2022-03-21
漏洞发布日期
2022-07-19
漏洞信息更新日期
2022-07-28
2. Cisco Small Business路由器授权命令注入漏洞
漏洞编号
CVE-2022-20874
漏洞介绍
Cisco Small Business RV110W、RV130、RV130W 和 RV215W 路由器的基于 Web 的管理界面中存在多个漏洞,可能允许经过身份验证的远程攻击者在受影响的设备上执行任意代码或导致设备意外重启,从而导致拒绝服务 (DoS) 条件。这些漏洞是由于传入 HTTP 数据包中的用户字段验证不足所致。攻击者可以通过向基于 Web 的管理界面发送精心设计的请求来利用这些漏洞。成功的利用可能允许攻击者以根级别权限在受影响的设备上执行任意命令,或导致设备意外重启,从而导致 DoS 条件。要利用这些漏洞,攻击者需要在受影响的设备上拥有有效的管理员凭据。
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
影响范围
Cisco RV110W 1.0.3.55
Cisco RV130 1.0.3.55
Cisco RV130W 1.0.3.55
Cisco RV215W 1.0.3.55
厂商修复状态
暂未修复
漏洞类型
命令注入漏洞
漏洞危害
授权攻击者可以远程执行任意shell命令
漏洞数据来源
Cisco Systems, Inc.
漏洞详情链接
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20874
CVE 编号分配日期
2021-11-02
漏洞发布日期
2022-07-21
漏洞信息更新日期
2022-07-26
3. Cisco Small Business路由器缓冲区溢出漏洞
漏洞编号
CVE-2022-20875
漏洞介绍
Cisco Small Business RV110W、RV130、RV130W 和 RV215W 路由器的基于 Web 的管理界面中存在多个漏洞,可能允许经过身份验证的远程攻击者在受影响的设备上执行任意代码或导致设备意外重启,从而导致拒绝服务 (DoS) 条件。这些漏洞是由于传入 HTTP 数据包中的用户字段验证不足所致。攻击者可以通过向基于 Web 的管理界面发送精心设计的请求来利用这些漏洞。成功的利用可能允许攻击者以根级别权限在受影响的设备上执行任意命令,或导致设备意外重启,从而导致 DoS 条件。要利用这些漏洞,攻击者需要在受影响的设备上拥有有效的管理员凭据。
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
影响范围
Cisco RV110W 1.0.3.55
Cisco RV130 1.0.3.55
Cisco RV130W 1.0.3.55
Cisco RV215W 1.0.3.55
厂商修复状态
暂未修复
漏洞类型
缓冲区溢出漏洞
漏洞危害
攻击者可以远程使设备拒绝服务,甚至执行任意命令
漏洞数据来源
Cisco Systems, Inc.
漏洞详情链接
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20875
CVE 编号分配日期
2021-11-02
漏洞发布日期
2022-07-21
漏洞信息更新日期
2022-07-26
