CVE-2022-29337

CRITICAL

C-DATA FD702XW-X-R430 v2.1.13_X001 - Command Injection

Title source: llm

Description

C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request.

Exploits (1)

nomisec WORKING POC 3 stars

by exploitwritter · poc

https://github.com/exploitwritter/CVE-2022-29337

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://east-trowel-102.notion.site/CVE-2022-XXXX-OS-CommandInjection-formlanipv6-043ddebec5a1456b92991048617c04e8

Scores

CVSS v3 9.8

EPSS 0.3042

EPSS Percentile 96.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

cdatatec/fd702xw-x-r430_firmware 2.1.13_x001

Published May 24, 2022

Tracked Since Feb 18, 2026