CVE-2022-43367

CRITICAL

IP-COM EW9 <15.11.0.14 - Command Injection

Title source: llm

IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function.

Core 1

Core References

Exploit, Third Party Advisory

CVSS v3 9.8

EPSS 0.0518

EPSS Percentile 91.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

CWE

CWE-77

Status published

Products (1)

ip-com/ew9_firmware 15.11.0.14

Published Oct 27, 2022

Tracked Since Feb 18, 2026