CVE-2022-25017
CRITICALHitron CHITA 7.2.2.0.3b6-CD - OS Command Injection via DDNS Username Field
Title source: llmDescription
Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/zaee-k/390b2f8e50407e4b199df806baa7e4ef
Scores
CVSS v3
9.1
EPSS
0.2910
EPSS Percentile
97.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
hitrontech/chita_firmware
7.2.2.0.3b6-cd
Published
Apr 01, 2022
Tracked Since
Feb 18, 2026