CVE-2022-22986
HIGHNetcommunity OG410X and OG810X Series < 2.28 - OS Command Injection via Crafted Config File
Title source: llmDescription
Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://business.ntt-east.co.jp/topics/2022/03_22.html
Vendor Advisory x_refsource_misc
https://www.ntt-west.co.jp/smb/kiki_info/info/220322.html
Third Party Advisory, VDB Entry x_refsource_misc
https://jvn.jp/en/vu/JVNVU94900322/index.html
Scores
CVSS v3
8.8
EPSS
0.0071
EPSS Percentile
48.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (4)
ntt-east/og410xa_firmware
< 2.28
ntt-east/og410xi_firmware
< 2.28
ntt-east/og810xa_firmware
< 2.28
ntt-east/og810xi_firmware
< 2.28
Published
Mar 31, 2022
Tracked Since
Feb 18, 2026