CVE-2022-23764
HIGHteruten webcube 1.0.5.5-1.1.9.9 - Remote Code Execution via Insufficient Update File Verification
Title source: llmDescription
The vulnerability causing from insufficient verification procedures for downloaded files during WebCube update. Remote attackers can bypass this verification logic to update both digitally signed and unauthorized files, enabling remote code execution.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66876
Scores
CVSS v3
8.8
EPSS
0.0053
EPSS Percentile
40.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-346
Status
published
Products (1)
teruten/webcube
1.0.5.5 - 1.2.0.0
Published
Aug 17, 2022
Tracked Since
Feb 18, 2026