CVE-2022-45699

CRITICAL EXPLOITED NUCLEI

APSystems ECU-R Firmware 5203 - Unauthenticated OS Command Injection via Timezone Parameter

Title source: llm

Exploitation Summary

CVE-2022-45699 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter.

Nuclei Templates (1)

APsystems ECU-R Firmware - Command Injection

CRITICALby pussycat0x

References (3)

Core 3

Core References

Exploit, Third Party Advisory

https://github.com/0xst4n/APSystems-ECU-R-RCE-Timezone

Exploit

https://www.youtube.com/watch?v=YNeeaDPJOBY

Various Sources

https://web.archive.org/web/20230626075954/https://github.com/0xst4n/APSystems-ECU-R-RCE-Timezone

Scores

CVSS v3 9.8

EPSS 0.7604

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2023-06-22

CWE

CWE-78 CWE-94

Status published

Products (1)

apsystems/ecu-r_firmware 5203

Published Feb 10, 2023

Tracked Since Feb 18, 2026