CVE-2022-42055

MEDIUM

GL.iNet GoodCloud 1.00.220412.00 - OS Command Injection via Ping and Traceroute Tools

Title source: llm
STIX 2.1

Description

Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.

References (1)

Core 1
Core References
Exploit, Third Party Advisory
https://boschko.ca/glinet-router

Scores

CVSS v3 6.5
EPSS 0.0172
EPSS Percentile 74.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-78
Status published
Products (1)
gl-inet/goodcloud 1.00.220412.00
Published Oct 27, 2022
Tracked Since Feb 18, 2026