OpenCVE

Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hitrontech	Coda-5310 Coda-5310 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hitrontech:coda-5310_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitrontech:coda-5310:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.twcert.org.tw/tw/cp-132-7082-373d5-1.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2023-06-02T00:00:00

Updated: 2024-08-03T15:02:35.902Z

Reserved: 2022-12-20T00:00:00

Link: CVE-2022-47616

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-06-02T11:15:09.997

Modified: 2024-11-21T07:32:16.393

Link: CVE-2022-47616

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-47616", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "dateUpdated": "2024-08-03T15:02:35.902Z", "dateReserved": "2022-12-20T00:00:00", "datePublished": "2023-06-02T00:00:00"}, "containers": {"cna": {"title": "Hitron Technologies Inc. CODA-5310 - Remote Command Execution", "datePublic": "2023-05-02T00:00:00", "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2023-06-02T00:00:00"}, "descriptions": [{"lang": "en", "value": "Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service."}], "affected": [{"vendor": "Hitron Technologies Inc.", "product": "Hitron CODA-5310", "versions": [{"version": "all version", "status": "affected"}]}], "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7082-373d5-1.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command", "cweId": "CWE-78"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "TVN-202212005", "discovery": "EXTERNAL"}, "solutions": [{"lang": "en", "value": "Hitron Technologies Inc. has provided a problem-solving version to the internet service provider and informed them to upgrade. If there are any issues, please contact the network provider."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:02:35.902Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7082-373d5-1.html", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hitrontech:coda-5310_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "22530DC7-225E-43D3-B813-A3AE30701CDC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hitrontech:coda-5310:-:*:*:*:*:*:*:*", "matchCriteriaId": "491195EE-6802-46EB-AFEE-CEF553255203", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service."}], "id": "CVE-2022-47616", "lastModified": "2024-11-21T07:32:16.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-02T11:15:09.997", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7082-373d5-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7082-373d5-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "twcert@cert.org.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}