CVE-2022-45699

CRITICAL EXPLOITED NUCLEI

Apsystems Ecu-r Firmware - Code Injection

Title source: rule

Description

Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter.

Nuclei Templates (1)

APsystems ECU-R Firmware - Command Injection

CRITICALby pussycat0x

References (3)

[Exploit, Third Party Advisory] https://github.com/0xst4n/APSystems-ECU-R-RCE-Timezone

[Various Sources] https://web.archive.org/web/20230626075954/https://github.com/0xst4n/APSystems-ECU-R-RCE-Timezone

[Exploit] https://www.youtube.com/watch?v=YNeeaDPJOBY

Scores

CVSS v3 9.8

EPSS 0.8995

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-06-22

CWE

CWE-78 CWE-94

Status published

Products (1)

apsystems/ecu-r_firmware 5203

Published Feb 10, 2023

Tracked Since Feb 18, 2026