CVE-2022-32572

Description

An os command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected products

WWBN / AVideo11.6 – 11.6
WWBN / AVideodev master commit 3f7c0364 – dev master commit 3f7c0364

References

MISChttps://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql
MISChttps://talosintelligence.com/vulnerability_reports/TALOS-2022-1548