CVE-2022-35733
CRITICAL EXPLOITED
UNIMO Technology UDR-JA1004/JA1008/JA1016 <v1.0.20.13 - RCE
Title source: llm
Exploitation Summary
CVE-2022-35733 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders (UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versions v2.0.20.13 and earlier) allows a remote unauthenticated attacker to execute an arbitrary OS command by sending a specially crafted request to the affected device web interface.
References (2)
Core References
Vendor Advisory x_refsource_misc
http://www.unimo.co.jp/table_notice/index.php?act=1&resid=1643590226-637355
Third Party Advisory x_refsource_misc
https://jvn.jp/en/vu/JVNVU90821877/index.html
Scores
CVSS v3
9.8
EPSS
0.0125
EPSS Percentile
65.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2024-06-19
CWE
CWE-306
Status
published
Products (3)
unimo/udr-ja1004_firmware
< 1.0.20.13
unimo/udr-ja1008_firmware
< 1.0.20.13
unimo/udr-ja1016_firmware
< 2.0.20.13
Published
Aug 23, 2022
Tracked Since
Feb 18, 2026