CVE-2022-46304

ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perform arbitrary system operation or disrupt service.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-6800-b5cf6-1.html Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:changingtec:servisign:-:*:*:*:*:*:*:*

Information

Published : 2023-01-03 03:15

Updated : 2023-01-09 07:58


NVD link : CVE-2022-46304

Mitre link : CVE-2022-46304

Products Affected
No products.
CWE