CVE-2022-32665
CVE-2022-32665
In short
Boa has a command injection vulnerability that allows attackers to execute arbitrary commands remotely without needing special permissions or user interaction. This is a critical security flaw that can give attackers complete control over the affected system.
Technical detail
CWE-77 command injection in Boa due to improper input validation allows unauthenticated remote code execution (RCE) with privilege escalation. The vulnerability requires no special execution privileges or user interaction; attack vector is network-based through untrusted input that reaches shell command execution contexts.
Summary generated and translated by AI from the official description.
In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
MediaTek, Inc. · EN7528, EN7580Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →