CVE-2022-37861

moderate-risk
Published 2022-09-15

There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution system command through the network tools in the network diagnostic component.

Do I need to act?

~
3.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Tws-100 Firmware

Affected Vendors

Tenhot

References (4)

Vendor Advisory http://www.tenhot.net/html/pro/wgzly/111704.html
Exploit https://gist.github.com/ox01024/784894c27213c5a765b5c8f8375db256
Vendor Advisory http://www.tenhot.net/html/pro/wgzly/111704.html
Exploit https://gist.github.com/ox01024/784894c27213c5a765b5c8f8375db256
44
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 7/34 · Low
Exposure 5/34 · Minimal