Unauthenticated Remote Code Execution and System Compromise via Configuration Backend Vulnerability

Unauthenticated Remote Code Execution and System Compromise via Configuration Backend Vulnerability

CVE-2022-45140 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.

Learn more about our User Device Pen Test.