Unauthenticated Remote Code Execution and System Compromise via Configuration Backend Vulnerability
CVE-2022-45140 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.
Learn more about our User Device Pen Test.