First published: Tue Jan 03 2023
Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, execute arbitrary system commands, manipulate the system, or disrupt service.
Credit: twcert@cert.org.tw
Affected Software | Affected Version | How to fix |
---|---|---|
Realtek Usdk | =1.0 | |
Realtek Usdk | =2.0 | |
Realtek Usdk | =2.2 | |
Realtek Xpon Software Development Kit | =1.9 | |
Realtek Xpon Software Development Kit | =3.3 | |
Realtek Xpon Software Development Kit | =4.0 | |
Realtek Xpon Software Development Kit | =4.1 | Contact tech support from Realtek |
CVE-2022-40740 is a vulnerability in the Realtek GPON router that allows a remote attacker to perform command injection attacks.
CVE-2022-40740 has a severity rating of 7.2, which is considered high.
CVE-2022-40740 affects Realtek Usdk 1.0, Realtek Usdk 2.0, Realtek Usdk 2.2, Realtek Xpon Software Development Kit 1.9, Realtek Xpon Software Development Kit 3.3, Realtek Xpon Software Development Kit 4.0, and Realtek Xpon Software Development Kit 4.1.
A remote attacker authenticated as an administrator can exploit CVE-2022-40740 to perform command injection attacks and execute arbitrary system commands.
Yes, you can find more information about CVE-2022-40740 at the following link: https://www.twcert.org.tw/tw/cp-132-6831-19121-1.html