CVE-2022-35555: OS Command Injection
First published: Fri Aug 12 2022(Updated: )
A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenda W6_S | =1.0.0.9\(4122\) | |
| Tenda W6 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-35555?
CVE-2022-35555 is classified as a high severity command injection vulnerability.
How do I fix CVE-2022-35555?
To fix CVE-2022-35555, update the Tenda W6 firmware to a secure version that addresses this vulnerability.
What does CVE-2022-35555 allow attackers to do?
CVE-2022-35555 allows attackers to execute arbitrary commands on the affected Tenda W6 device.
Which versions of Tenda W6 are affected by CVE-2022-35555?
CVE-2022-35555 affects Tenda W6 firmware version 1.0.0.9(4122).
Is my Tenda W6 device at risk if it is running an affected version?
Yes, if your Tenda W6 device is running version 1.0.0.9(4122), it is at risk of exploitation due to CVE-2022-35555.
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/tenda
- canonical/tenda w6_s
- version/tenda w6_s/1.0.0.9\(4122\)
- canonical/tenda w6 firmware