OS Command Injection Vulnerability in Asus NAS-M25

OS Command Injection Vulnerability in Asus NAS-M25

CVE-2022-4221 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7.

Learn more about our Web Application Penetration Testing UK.