← volver
CVE-2022-4221

OS command injection in ASUS M25 NAS

CVSS 9.8 CRITICALEPSS 4.8%CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Asus · NAS-M25

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://onekey.com/blog/security-advisory-asus-m25-nas-vulnerability/