CVE-2022-42457
Severity Score
7.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by install.sh).
Generex CS141 hasta la versión 2.10 permite la ejecución de comandos remotos por parte de los administradores a través de una interfaz web que llega a run_update en /usr/bin/gxserve-update.sh (por ejemplo, la ejecución de comandos puede ocurrir a través de un shell inverso instalado por install.sh).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-10-06 CVE Reserved
- 2022-10-06 CVE Published
- 2024-07-25 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/hubertfarnsworth12/Generex-CS141-Authenticated-Remote-Command-Execution | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.generex.de/products/ups | 2022-11-10 | |
| https://www.generex.de/support/downloads/ups/cs141 | 2022-11-10 | |
| https://www.generex.de/support/downloads/ups/cs141/update | 2022-11-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Generex Search vendor "Generex" | Cs141 Firmware Search vendor "Generex" for product "Cs141 Firmware" | <= 2.10 Search vendor "Generex" for product "Cs141 Firmware" and version " <= 2.10" | - |
Affected
| in | Generex Search vendor "Generex" | Cs141 Search vendor "Generex" for product "Cs141" | - | - |
Safe
|