CVE Vulnerabilities

CVE-2022-47040

Published: Jan 26, 2023 | Modified: Feb 06, 2023

CVSS 3.x

7.8

HIGH

Source:

NVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-47040
CWE	https://cwe.mitre.org/data/definitions/.html

An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80.

Affected Software

Name	Vendor	Start Version	End Version
Rtf3505vw-n1_firmware	Askey	br_sv_g000_r3505vmn1001_s32_7 (including)	br_sv_g000_r3505vmn1001_s32_7 (including)

References

https://github.com/leoservalli/Privilege-escalation-ASKEY

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.