CVE-2022-28557: OS Command Injection
First published: Wed May 04 2022(Updated: )
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenda ac15 firmware | =15.03.05.20_multi_tde01 | |
| Tenda AC15 | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-28557?
The severity of CVE-2022-28557 is critical with a severity value of 9.8.
What is CVE-2022-28557?
CVE-2022-28557 is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution.
How does CVE-2022-28557 affect Tenda AC15?
CVE-2022-28557 affects Tenda AC15 with firmware version 15.03.05.20_multi_tde01, allowing for command injection at the /goform/setsambacfg interface.
Is Tenda AC15 version 1.0 vulnerable to CVE-2022-28557?
No, Tenda AC15 version 1.0 is not vulnerable to CVE-2022-28557.
How can I fix CVE-2022-28557?
To fix CVE-2022-28557, it is recommended to update the firmware of Tenda AC15 to a version that addresses the vulnerability.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/tenda
- canonical/tenda ac15 firmware
- version/tenda ac15 firmware/15.03.05.20_multi_tde01
- canonical/tenda ac15
- version/tenda ac15/1.0