OS command injection in UNIVERGE WA series

Number:NV22-004
CVE:CVE-2022-25621

Overview

The System maintenance feature of Local maintenance console/Remote maintenance console/Web based remote maintenance console in UNIVERGE WA series contains OS command injection vulnerability.

Products Affected

UNIVERGE WA series

Affected Version

WA1020、WA1510、WA1511、WA1512、WA2020、WA2021、WA2610-AP、WA2611-AP、WA2611E-AP、WA2612-AP
Ver8.2.11 and earlier

Solution

Please apply the patch.
Ver 8.2.13 and later

References

CVE-2022-25621
https://www.cve.org/CVERecord?id=CVE-2022-25621

Update

2022/03/09: First edition

サイト内の現在位置