This article provides an overview of CVE-2022-36779, which involves an unauthenticated OS command injection vulnerability in PROSCEND / ADVICE .Ltd G/5G Industrial Cellular Routers.
Understanding CVE-2022-36779
CVE-2022-36779 is a critical vulnerability that affects multiple products by PROSCEND, allowing unauthenticated attackers to execute OS commands.
What is CVE-2022-36779?
The vulnerability in PROSCEND / ADVICE .Ltd G/5G Industrial Cellular Routers allows unauthenticated users to inject OS commands, potentially leading to unauthorized access and manipulation of the affected device.
The Impact of CVE-2022-36779
With a CVSS base score of 6.5, this medium-severity vulnerability could result in unauthorized command execution, posing a significant risk to the integrity and availability of the affected systems.
Technical Details of CVE-2022-36779
The following are important technical details related to CVE-2022-36779:
Vulnerability Description
The vulnerability involves unauthenticated OS command injection in PROSCEND / ADVICE .Ltd G/5G Industrial Cellular Routers.
Affected Systems and Versions
Affected products include PROSCEND M330-w / M330-W5, M350-5G / M350-W5G / M350-6 / M350-W6, M301-G / M301-GW, and ADVICE ICR 111WG, each in specific vulnerable versions.
Exploitation Mechanism
Attackers can exploit this vulnerability by sending specially crafted requests to the affected devices, allowing them to execute arbitrary OS commands without authentication.
Mitigation and Prevention
To address CVE-2022-36779, it is crucial to take immediate steps and adopt long-term security practices to safeguard the affected devices.
Immediate Steps to Take
Update to the fixed versions:
Long-Term Security Practices
Implement network segmentation, access controls, and regular security assessments to mitigate the risk of unauthorized access and command injection.
Patching and Updates
Regularly apply security patches and updates provided by PROSCEND to ensure the protection of the industrial cellular routers.