First published: Thu Dec 01 2022(Updated: )
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7.
Credit: research@onekey.com research@onekey.com
Affected Software | Affected Version | How to fix |
---|---|---|
Asus Nas-m25 Firmware | <=1.0.1.7 | |
Asus NAS-M25 | ||
All of | ||
Asus Nas-m25 Firmware | <=1.0.1.7 | |
Asus NAS-M25 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this security issue is CVE-2022-4221.
The severity of CVE-2022-4221 is critical with a severity value of 9.8.
The affected software for CVE-2022-4221 is Asus NAS-M25 firmware up to version 1.0.1.7.
CVE-2022-4221 is an 'Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)' vulnerability in Asus NAS-M25, allowing an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.
Yes, you can find more information about CVE-2022-4221 in the security advisory provided by Onekey.com at https://onekey.com/blog/security-advisory-asus-m25-nas-vulnerability/.