CVE-2022-44620

HIGH

UDR-JA1604/UDR-JA1608/UDR-JA1616 Firmware < 71x10.1.107114.43a - Authenticated OS Command Injection

Title source: llm

Description

Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

References (2)

Core 2

Core References

Vendor Advisory

http://www.unimo.co.jp/table_notice/index.php?act=1&resid=1666831567-004418

Third Party Advisory

https://jvn.jp/en/vu/JVNVU94514762/index.html

Scores

CVSS v3 8.8

EPSS 0.0087

EPSS Percentile 54.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-287

Status published

Products (3)

unimo/udr-ja1604_firmware < 71x10.1.107114.43a

unimo/udr-ja1608_firmware < 71x10.1.107114.43a

unimo/udr-ja1616_firmware < 71x10.1.107114.43a

Published Dec 07, 2022

Tracked Since Feb 18, 2026