Common Weakness Enumeration

CWE-489

Allowed

Active Debug Code

Abstraction: Base · Status: Draft

The product is released with debugging code still enabled or active.

141 vulnerabilities reference this CWE, most recent first.

CVE-2022-30543 (GCVE-0-2022-30543)

Vulnerability from cvelistv5 – Published: 2022-11-09 17:35 – Updated: 2025-04-15 18:40
VLAI
Summary
A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Date Public
2022-10-27 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:48:36.396Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1519"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-30543",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T18:16:24.391659Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T18:40:37.531Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "InRouter302",
          "vendor": "InHand Networks",
          "versions": [
            {
              "status": "affected",
              "version": "V3.5.45"
            }
          ]
        }
      ],
      "datePublic": "2022-10-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489: Leftover Debug Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-09T00:00:00.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"
        },
        {
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1519"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2022-30543",
    "datePublished": "2022-11-09T17:35:40.288Z",
    "dateReserved": "2022-05-13T00:00:00.000Z",
    "dateUpdated": "2025-04-15T18:40:37.531Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-29888 (GCVE-0-2022-29888)

Vulnerability from cvelistv5 – Published: 2022-11-09 17:35 – Updated: 2025-04-15 18:40
VLAI
Summary
A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Date Public
2022-10-27 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:33:43.056Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1522"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-29888",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T18:16:27.368335Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T18:40:44.532Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "InRouter302",
          "vendor": "InHand Networks",
          "versions": [
            {
              "status": "affected",
              "version": "V3.5.45"
            }
          ]
        }
      ],
      "datePublic": "2022-10-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489: Leftover Debug Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-09T00:00:00.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"
        },
        {
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1522"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2022-29888",
    "datePublished": "2022-11-09T17:35:39.230Z",
    "dateReserved": "2022-05-16T00:00:00.000Z",
    "dateUpdated": "2025-04-15T18:40:44.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-29520 (GCVE-0-2022-29520)

Vulnerability from cvelistv5 – Published: 2022-10-25 16:33 – Updated: 2025-04-15 18:48
VLAI
Summary
An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Date Public
2022-10-20 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:26:06.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1561"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-29520",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T18:17:50.771454Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T18:48:26.587Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iota All-In-One Security Kit",
          "vendor": "abode systems, inc.",
          "versions": [
            {
              "status": "affected",
              "version": "6.9Z"
            }
          ]
        }
      ],
      "datePublic": "2022-10-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489: Leftover Debug Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-25T00:00:00.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1561"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2022-29520",
    "datePublished": "2022-10-25T16:33:36.201Z",
    "dateReserved": "2022-06-13T00:00:00.000Z",
    "dateUpdated": "2025-04-15T18:48:26.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-29481 (GCVE-0-2022-29481)

Vulnerability from cvelistv5 – Published: 2022-11-09 17:35 – Updated: 2025-04-15 18:40
VLAI
Summary
A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Date Public
2022-10-27 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:26:05.886Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1518"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-29481",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T18:16:30.484521Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T18:40:54.031Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "InRouter302",
          "vendor": "InHand Networks",
          "versions": [
            {
              "status": "affected",
              "version": "V3.5.45"
            }
          ]
        }
      ],
      "datePublic": "2022-10-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489: Leftover Debug Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-09T00:00:00.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"
        },
        {
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1518"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2022-29481",
    "datePublished": "2022-11-09T17:35:38.151Z",
    "dateReserved": "2022-05-13T00:00:00.000Z",
    "dateUpdated": "2025-04-15T18:40:54.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-28689 (GCVE-0-2022-28689)

Vulnerability from cvelistv5 – Published: 2022-11-09 17:35 – Updated: 2025-04-15 18:41
VLAI
Summary
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Date Public
2022-10-27 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:03:52.344Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1521"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-28689",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T18:12:39.786971Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T18:41:03.059Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "InRouter302",
          "vendor": "InHand Networks",
          "versions": [
            {
              "status": "affected",
              "version": "V3.5.45"
            }
          ]
        }
      ],
      "datePublic": "2022-10-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489: Leftover Debug Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-09T00:00:00.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"
        },
        {
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1521"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2022-28689",
    "datePublished": "2022-11-09T17:35:37.094Z",
    "dateReserved": "2022-05-13T00:00:00.000Z",
    "dateUpdated": "2025-04-15T18:41:03.059Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-27597 (GCVE-0-2022-27597)

Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-12 19:32
VLAI
Title
QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
Summary
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
Vendor Product Version
QNAP Systems Inc. QTS Affected: unspecified , < 5.0.1.2346 build 20230322 (custom)
Create a notification for this product.
QNAP Systems Inc. QuTS hero Affected: unspecified , < h5.0.1.2348 build 20230324 (custom)
Create a notification for this product.
Date Public
2023-03-30 00:00
Credits
Sternum LIV and Sternum team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:32:58.345Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qnap.com/en/security-advisory/qsa-23-06"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-27597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T19:32:36.172672Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T19:32:39.994Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "QTS",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "5.0.1.2346 build 20230322",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "QuTS hero",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "h5.0.1.2348 build 20230324",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sternum LIV and Sternum team"
        }
      ],
      "datePublic": "2023-03-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1295",
              "description": "CWE-1295",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-20T00:00:00.000Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-23-06"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2346 build 20230322 and later\nQuTS hero h5.0.1.2348 build 20230324 and later\n"
        }
      ],
      "source": {
        "advisory": "QSA-23-06",
        "discovery": "EXTERNAL"
      },
      "title": "QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2022-27597",
    "datePublished": "2023-03-29T00:00:00.000Z",
    "dateReserved": "2022-03-21T00:00:00.000Z",
    "dateUpdated": "2025-02-12T19:32:39.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-26023 (GCVE-0-2022-26023)

Vulnerability from cvelistv5 – Published: 2022-11-09 17:35 – Updated: 2025-04-15 18:41
VLAI
Summary
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Date Public
2022-10-27 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.659Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1520"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-26023",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T18:16:33.364504Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T18:41:10.624Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "InRouter302",
          "vendor": "InHand Networks",
          "versions": [
            {
              "status": "affected",
              "version": "V3.5.45"
            }
          ]
        }
      ],
      "datePublic": "2022-10-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489: Leftover Debug Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-09T00:00:00.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"
        },
        {
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1520"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2022-26023",
    "datePublished": "2022-11-09T17:35:36.028Z",
    "dateReserved": "2022-05-13T00:00:00.000Z",
    "dateUpdated": "2025-04-15T18:41:10.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25995 (GCVE-0-2022-25995)

Vulnerability from cvelistv5 – Published: 2022-05-12 17:01 – Updated: 2025-04-15 19:03
VLAI
Summary
A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Date Public
2022-05-10 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:36.929Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1477"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25995",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T18:23:02.464060Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T19:03:12.842Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "InRouter302",
          "vendor": "InHand Networks",
          "versions": [
            {
              "status": "affected",
              "version": "V3.5.4"
            }
          ]
        }
      ],
      "datePublic": "2022-05-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489: Leftover Debug Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-12T17:01:36.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1477"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "DATE_PUBLIC": "2022-05-10",
          "ID": "CVE-2022-25995",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "InRouter302",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "V3.5.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "InHand Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 9.9,
            "baseSeverity": "Critical",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-489: Leftover Debug Code"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf"
            },
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1477",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1477"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2022-25995",
    "datePublished": "2022-05-12T17:01:36.120Z",
    "dateReserved": "2022-02-25T00:00:00.000Z",
    "dateUpdated": "2025-04-15T19:03:12.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-20649 (GCVE-0-2022-20649)

Vulnerability from cvelistv5 – Published: 2024-11-15 15:59 – Updated: 2024-11-15 19:41
VLAI
Title
Cisco Redundancy Configuration Manager Debug Remote Code Execution Vulnerability
Summary
A vulnerability in Cisco&nbsp;RCM for Cisco&nbsp;StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges&nbsp;in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled for specific services. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user. The attacker would need to perform detailed reconnaissance to allow for unauthenticated access. The vulnerability can also be exploited by an authenticated attacker. Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Redundancy Configuration Manager Affected: 2021.02.0
Affected: 2021.01.0
Affected: 21.19.n13
Affected: 21.17.19
Affected: 21.18.24
Affected: 21.25.0
Affected: 21.15.60
Affected: 21.22.11
Affected: 21.20.25
Affected: 21.20.21
Affected: 21.24.2
Affected: 21.23.10
Affected: 21.22.n5
Affected: 21.15.57
Affected: 21.25.1
Affected: 21.18.21
Affected: 21.23.1
Affected: 21.19.11
Affected: 21.16.c16
Affected: 21.23.5
Affected: 21.22.4
Affected: 21.22.ua2
Affected: 21.23.n6
Affected: 21.17.18
Affected: 21.17.17
Affected: 21.21.KS2
Affected: 21.20.23
Affected: 21.20.15
Affected: 21.20.p9
Affected: 21.20.17
Affected: 21.20.14
Affected: 21.21.3
Affected: 21.19.n9
Affected: 21.23.0
Affected: 21.5.30
Affected: 21.22.n4
Affected: 21.20.12
Affected: 21.23.b2
Affected: 21.20.13
Affected: 21.18.22
Affected: 21.18.23
Affected: 21.20.24
Affected: 21.23.6
Affected: 21.21.1
Affected: 21.23.8
Affected: 21.11.20
Affected: 21.15.58
Affected: 21.24.0
Affected: 21.18.18
Affected: 21.20.u8
Affected: 21.18.19
Affected: 21.21.2
Affected: 21.22.2
Affected: 21.22.8
Affected: 21.22.uj3
Affected: 21.22.5
Affected: 21.22.3
Affected: 21.22.10
Affected: 21.18.20
Affected: 21.15.55
Affected: 21.12.22
Affected: 21.23.4
Affected: 21.15.59
Affected: 21.22.ua0
Affected: 21.20.16
Affected: 21.20.18
Affected: 21.20.19
Affected: 21.19.n7
Affected: 21.20.20
Affected: 21.19.n10
Affected: 21.19.n11
Affected: 21.22.7
Affected: 21.22.ua3
Affected: 21.19.n12
Affected: 21.23.9
Affected: 21.18.16
Affected: 21.16.10
Affected: 21.22.6
Affected: 21.18.17
Affected: 21.24.1
Affected: 21.11.21
Affected: 21.23.3
Affected: 21.9.13
Affected: 21.20.k8
Affected: 21.19.n8
Affected: 21.22.9
Affected: 21.16.c17
Affected: 21.16.9
Affected: 21.23.2
Affected: 21.20.22
Affected: 21.18.7
Affected: 21.19.6
Affected: 21.23.7
Affected: 21.11.16
Affected: 21.18.13
Affected: 21.15.47
Affected: 21.19.n6
Affected: 6.9.8
Affected: 21.20.k6
Affected: 21.20.6
Affected: 21.19.10
Affected: 21.19.n4
Affected: 21.15.46
Affected: 21.17.14
Affected: 21.15.52
Affected: 21.16.6
Affected: 21.22.n3
Affected: 21.15.54
Affected: 21.18.15
Affected: 21.18.11
Affected: 21.18.8
Affected: 21.12.20
Affected: 21.5.28
Affected: 21.20.11
Affected: 21.8.12
Affected: 21.19.7
Affected: 21.19.5
Affected: 21.11.19
Affected: 21.16.c15
Affected: 21.18.12
Affected: 21.15.51
Affected: 21.18.14
Affected: 21.11.15
Affected: 21.16.c14
Affected: 21.20.4
Affected: 21.20.7
Affected: 21.14.b22
Affected: 21.17.10
Affected: 21.12.21
Affected: 21.19.9
Affected: 21.13.21
Affected: 21.14.23
Affected: 21.20.UV0
Affected: 21.10.6
Affected: 21.15.45
Affected: 21.15.53
Affected: 21.17.15
Affected: 21.17.16
Affected: 6.14.2
Affected: 21.19.n3
Affected: 21.17.11
Affected: 21.21.0
Affected: 21.20.10
Affected: 21.20.3
Affected: 21.20.5
Affected: 21.16.7
Affected: 21.22.1
Affected: 21.17.9
Affected: 21.17.13
Affected: 21.20.2
Affected: 21.20.9
Affected: 21.5.27
Affected: 21.14.22
Affected: 21.19.8
Affected: 21.22.n2
Affected: 21.16.8
Affected: 21.11.17
Affected: 21.20.8
Affected: 21.20.k7
Affected: 21.18.9
Affected: 21.19.n5
Affected: 21.11.18
Affected: 21.5.29
Affected: 21.15.48
Affected: 21.22.0
Affected: 21.14.b19
Affected: 21.15.17
Affected: 21.16.c4
Affected: 21.19.2
Affected: 6.2.b17
Affected: 6.9.7
Affected: 21.16.c6
Affected: 21.17.8
Affected: 21.11.13
Affected: 21.12.19
Affected: 21.12.18
Affected: 21.6.15
Affected: 21.20.0
Affected: 6.13.EY2
Affected: 21.15.36
Affected: 21.15.21
Affected: 21.15.43
Affected: 6.14.0
Affected: 21.14.b15
Affected: 21.15.14
Affected: 21.15.15
Affected: 21.16.c7
Affected: 21.16.c3
Affected: 6.13.EY1
Affected: 21.15.13
Affected: 21.12.15
Affected: 21.5.25
Affected: 21.14.b12
Affected: 21.18.6
Affected: 21.19.4
Affected: 21.17.3
Affected: 21.16.c5
Affected: 21.14.b21
Affected: 21.18.1
Affected: 6.11.0
Affected: 21.14.17
Affected: 21.5.26
Affected: 21.14.b13
Affected: 21.14.b16
Affected: 21.15.22
Affected: 21.15.23
Affected: 21.16.3
Affected: 21.16.c10
Affected: 21.16.d1
Affected: 21.15.28
Affected: 21.11.11
Affected: 21.15.30
Affected: 21.15.29
Affected: 21.13.18
Affected: 21.12.16
Affected: 21.17.5
Affected: 21.14.b18
Affected: 21.14.RH0
Affected: 21.14.b14
Affected: 6.6.7
Affected: 21.15.20
Affected: 21.15.32
Affected: 21.14.18
Affected: 21.6.b25
Affected: 21.17.2
Affected: 6.2.b15
Affected: 21.15.33
Affected: 21.13.19
Affected: 6.2.b14
Affected: 21.19.n1
Affected: 21.19.1
Affected: 21.19.0
Affected: 21.6.b26
Affected: 6.2.b16
Affected: 21.11.12
Affected: 21.18.3
Affected: 21.17.7
Affected: 21.14.12
Affected: 21.19.n2
Affected: 21.16.c11
Affected: 21.16.c12
Affected: 6.10.0
Affected: 21.16.4
Affected: 6.13.0
Affected: 21.13.16
Affected: 21.16.c13
Affected: 21.17.1
Affected: 21.17.6
Affected: 21.12.17
Affected: 21.11.10
Affected: 21.20.SV1
Affected: 21.11.14
Affected: 6.11.1
Affected: 21.17.0
Affected: 21.9.12
Affected: 21.20.1
Affected: 21.14.19
Affected: 21.14.c3
Affected: 21.15.18
Affected: 21.15.19
Affected: 21.15.16
Affected: 21.15.39
Affected: 6.6.6
Affected: 21.14.11
Affected: 21.14.b17
Affected: 21.14.16
Affected: 21.15.24
Affected: 21.6.b24
Affected: 21.16.c9
Affected: 21.16.c8
Affected: 6.8.1
Affected: 21.15.27
Affected: 21.15.26
Affected: 21.15.25
Affected: 21.17.4
Affected: 21.13.17
Affected: 6.9.5
Affected: 21.18.5
Affected: 21.15.40
Affected: 6.12.0
Affected: 21.18.2
Affected: 21.12.14
Affected: 21.16.d0
Affected: 21.14.20
Affected: 21.18.0
Affected: 21.15.37
Affected: 21.15.41
Affected: 21.18.4
Affected: 21.20.SV2
Affected: 21.20.SV3
Affected: 21.16.5
Affected: 21.20.SV5
Affected: 5.1.15
Affected: 21.19.3
Affected: 21.13.20
Affected: 21.14.b20
Affected: 21.15.7
Affected: 21.13.15
Affected: 21.15.11
Affected: 21.15.9
Affected: 21.15.0
Affected: 21.10.4
Affected: 21.12.12
Affected: 21.12.4
Affected: 21.12.8
Affected: 21.15.5
Affected: 21.13.8
Affected: 21.8.10
Affected: 21.14.6
Affected: 21.15.1
Affected: 21.8.11
Affected: 21.4.16
Affected: 21.9.11
Affected: 21.16.c0
Affected: 21.13.14
Affected: 21.13.4
Affected: 21.14.7
Affected: 21.14.8
Affected: 21.9.8
Affected: 21.16.c2
Affected: 21.15.10
Affected: 21.15.2
Affected: 21.15.6
Affected: 6.7.0
Affected: 21.13.6
Affected: 21.9.10
Affected: 21.14.1
Affected: 21.7.13
Affected: 21.11.8
Affected: 21.14.2
Affected: 21.14.0
Affected: 21.12.10
Affected: 21.9.9
Affected: 21.13.5
Affected: 21.13.2
Affected: 21.13.9
Affected: 21.13.10
Affected: 21.12.5
Affected: 21.12.9
Affected: 21.5.23
Affected: 21.14.10
Affected: 21.14.c2
Affected: 21.14.9
Affected: 21.11.6
Affected: 21.5.20
Affected: 21.13.12
Affected: 21.15.12
Affected: 6.9.2
Affected: 21.15.4
Affected: 21.13.11
Affected: 21.13.7
Affected: 21.10.5
Affected: 21.6.b19
Affected: 21.6.b23
Affected: 21.13.0
Affected: 21.6.14
Affected: 21.13.13
Affected: 21.4.17
Affected: 21.11.9
Affected: 21.11.2
Affected: 21.15.8
Affected: 21.16.2
Affected: 21.16.1
Affected: 21.16.c1
Affected: 21.5.21
Affected: 21.11.4
Affected: 21.6.b21
Affected: 21.14.a5
Affected: 21.10.3
Affected: 21.11.5
Affected: 21.13.3
Affected: 21.5.22
Affected: 21.12.7
Affected: 21.12.13
Affected: 21.12.6
Affected: 21.5.19
Affected: 21.6.b22
Affected: 21.11.7
Affected: 21.13.1
Affected: 21.14.a0
Affected: 21.14.4
Affected: 21.14.5
Affected: 21.5.24
Affected: 21.14.3
Affected: 21.16.0
Affected: 21.6.b20
Affected: 21.7.5
Affected: 21.15.3
Affected: 21.6.12
Affected: 21.8.5
Affected: 21.9.7
Affected: 21.12.11
Affected: 21.12.2
Affected: 6.2.b6
Affected: 21.8.4
Affected: 6.2.b5
Affected: 21.5.15
Affected: 21.8.1
Affected: 21.4.13
Affected: 21.10.0
Affected: 21.5.13
Affected: 21.9.0
Affected: 21.9.4
Affected: 21.4.9
Affected: 21.4.12
Affected: 21.11.3
Affected: 21.5.16
Affected: 21.7.9
Affected: 6.5.0
Affected: 21.4.8
Affected: 21.6.8
Affected: 21.6.5
Affected: 21.8.3
Affected: 21.6.10
Affected: 21.6.4
Affected: 21.7.8
Affected: 21.4.15
Affected: 21.4.11
Affected: 21.8.6
Affected: 21.8.ca1
Affected: 21.9.6
Affected: 21.4.7
Affected: 21.11.0
Affected: 21.11.1
Affected: 21.5.7
Affected: 6.2.b4
Affected: 21.7.7
Affected: 21.6.b14
Affected: 21.6.b13
Affected: 21.6.b15
Affected: 21.7.6
Affected: 21.6.6
Affected: 21.9.5
Affected: 21.5.9
Affected: 21.5.14
Affected: 21.8.8
Affected: 21.5.12
Affected: 21.8.0
Affected: 21.5.8
Affected: 21.7.10
Affected: 6.2.5
Affected: 21.8.9
Affected: 6.4.0
Affected: 21.6.b17
Affected: 21.6.b16
Affected: 21.6.11
Affected: 21.10.1
Affected: 21.4.10
Affected: 21.4.14
Affected: 21.6.9
Affected: 21.6.7
Affected: 21.12.3
Affected: 21.9.1
Affected: 21.9.2
Affected: 21.12.0
Affected: 21.7.12
Affected: 21.10.2
Affected: 21.8.7
Affected: 21.8.2
Affected: 21.5.6
Affected: 21.5.10
Affected: 21.6.13
Affected: 21.6.b18
Affected: 21.7.11
Affected: 21.7.1
Affected: 21.9.3
Affected: 21.7.0
Affected: 21.5.11
Affected: 21.5.17
Affected: 21.5.4
Affected: 21.7.3
Affected: 21.4.1
Affected: 21.4.3
Affected: 21.7.2
Affected: 21.4.5
Affected: 21.5.2
Affected: 21.6.3
Affected: 21.6.0
Affected: 21.6.2
Affected: 21.5.5
Affected: 21.4.6
Affected: 21.4.0
Affected: 21.4.2
Affected: 21.4.4
Affected: 21.7.4
Affected: 21.5.0
Affected: 21.5.1
Affected: 21.6.1
Affected: 21.5.3
Affected: 21.19.n14
Affected: 21.25.3
Affected: 21.23.11
Affected: 21.23.b3
Affected: 21.20.c22
Affected: 21.20.27
Affected: 21.23.n7
Affected: 21.20.26
Affected: 21.23.12
Affected: 21.20.28
Affected: 21.22.ua5
Create a notification for this product.
cisco redundancy_configuration_manager Affected: 0 , < 21.25.4 (custom)
    cpe:2.3:a:cisco:redundancy_configuration_manager:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:redundancy_configuration_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "redundancy_configuration_manager",
            "vendor": "cisco",
            "versions": [
              {
                "lessThan": "21.25.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-20649",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T19:40:41.090546Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T19:41:58.793Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Redundancy Configuration Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "2021.02.0"
            },
            {
              "status": "affected",
              "version": "2021.01.0"
            },
            {
              "status": "affected",
              "version": "21.19.n13"
            },
            {
              "status": "affected",
              "version": "21.17.19"
            },
            {
              "status": "affected",
              "version": "21.18.24"
            },
            {
              "status": "affected",
              "version": "21.25.0"
            },
            {
              "status": "affected",
              "version": "21.15.60"
            },
            {
              "status": "affected",
              "version": "21.22.11"
            },
            {
              "status": "affected",
              "version": "21.20.25"
            },
            {
              "status": "affected",
              "version": "21.20.21"
            },
            {
              "status": "affected",
              "version": "21.24.2"
            },
            {
              "status": "affected",
              "version": "21.23.10"
            },
            {
              "status": "affected",
              "version": "21.22.n5"
            },
            {
              "status": "affected",
              "version": "21.15.57"
            },
            {
              "status": "affected",
              "version": "21.25.1"
            },
            {
              "status": "affected",
              "version": "21.18.21"
            },
            {
              "status": "affected",
              "version": "21.23.1"
            },
            {
              "status": "affected",
              "version": "21.19.11"
            },
            {
              "status": "affected",
              "version": "21.16.c16"
            },
            {
              "status": "affected",
              "version": "21.23.5"
            },
            {
              "status": "affected",
              "version": "21.22.4"
            },
            {
              "status": "affected",
              "version": "21.22.ua2"
            },
            {
              "status": "affected",
              "version": "21.23.n6"
            },
            {
              "status": "affected",
              "version": "21.17.18"
            },
            {
              "status": "affected",
              "version": "21.17.17"
            },
            {
              "status": "affected",
              "version": "21.21.KS2"
            },
            {
              "status": "affected",
              "version": "21.20.23"
            },
            {
              "status": "affected",
              "version": "21.20.15"
            },
            {
              "status": "affected",
              "version": "21.20.p9"
            },
            {
              "status": "affected",
              "version": "21.20.17"
            },
            {
              "status": "affected",
              "version": "21.20.14"
            },
            {
              "status": "affected",
              "version": "21.21.3"
            },
            {
              "status": "affected",
              "version": "21.19.n9"
            },
            {
              "status": "affected",
              "version": "21.23.0"
            },
            {
              "status": "affected",
              "version": "21.5.30"
            },
            {
              "status": "affected",
              "version": "21.22.n4"
            },
            {
              "status": "affected",
              "version": "21.20.12"
            },
            {
              "status": "affected",
              "version": "21.23.b2"
            },
            {
              "status": "affected",
              "version": "21.20.13"
            },
            {
              "status": "affected",
              "version": "21.18.22"
            },
            {
              "status": "affected",
              "version": "21.18.23"
            },
            {
              "status": "affected",
              "version": "21.20.24"
            },
            {
              "status": "affected",
              "version": "21.23.6"
            },
            {
              "status": "affected",
              "version": "21.21.1"
            },
            {
              "status": "affected",
              "version": "21.23.8"
            },
            {
              "status": "affected",
              "version": "21.11.20"
            },
            {
              "status": "affected",
              "version": "21.15.58"
            },
            {
              "status": "affected",
              "version": "21.24.0"
            },
            {
              "status": "affected",
              "version": "21.18.18"
            },
            {
              "status": "affected",
              "version": "21.20.u8"
            },
            {
              "status": "affected",
              "version": "21.18.19"
            },
            {
              "status": "affected",
              "version": "21.21.2"
            },
            {
              "status": "affected",
              "version": "21.22.2"
            },
            {
              "status": "affected",
              "version": "21.22.8"
            },
            {
              "status": "affected",
              "version": "21.22.uj3"
            },
            {
              "status": "affected",
              "version": "21.22.5"
            },
            {
              "status": "affected",
              "version": "21.22.3"
            },
            {
              "status": "affected",
              "version": "21.22.10"
            },
            {
              "status": "affected",
              "version": "21.18.20"
            },
            {
              "status": "affected",
              "version": "21.15.55"
            },
            {
              "status": "affected",
              "version": "21.12.22"
            },
            {
              "status": "affected",
              "version": "21.23.4"
            },
            {
              "status": "affected",
              "version": "21.15.59"
            },
            {
              "status": "affected",
              "version": "21.22.ua0"
            },
            {
              "status": "affected",
              "version": "21.20.16"
            },
            {
              "status": "affected",
              "version": "21.20.18"
            },
            {
              "status": "affected",
              "version": "21.20.19"
            },
            {
              "status": "affected",
              "version": "21.19.n7"
            },
            {
              "status": "affected",
              "version": "21.20.20"
            },
            {
              "status": "affected",
              "version": "21.19.n10"
            },
            {
              "status": "affected",
              "version": "21.19.n11"
            },
            {
              "status": "affected",
              "version": "21.22.7"
            },
            {
              "status": "affected",
              "version": "21.22.ua3"
            },
            {
              "status": "affected",
              "version": "21.19.n12"
            },
            {
              "status": "affected",
              "version": "21.23.9"
            },
            {
              "status": "affected",
              "version": "21.18.16"
            },
            {
              "status": "affected",
              "version": "21.16.10"
            },
            {
              "status": "affected",
              "version": "21.22.6"
            },
            {
              "status": "affected",
              "version": "21.18.17"
            },
            {
              "status": "affected",
              "version": "21.24.1"
            },
            {
              "status": "affected",
              "version": "21.11.21"
            },
            {
              "status": "affected",
              "version": "21.23.3"
            },
            {
              "status": "affected",
              "version": "21.9.13"
            },
            {
              "status": "affected",
              "version": "21.20.k8"
            },
            {
              "status": "affected",
              "version": "21.19.n8"
            },
            {
              "status": "affected",
              "version": "21.22.9"
            },
            {
              "status": "affected",
              "version": "21.16.c17"
            },
            {
              "status": "affected",
              "version": "21.16.9"
            },
            {
              "status": "affected",
              "version": "21.23.2"
            },
            {
              "status": "affected",
              "version": "21.20.22"
            },
            {
              "status": "affected",
              "version": "21.18.7"
            },
            {
              "status": "affected",
              "version": "21.19.6"
            },
            {
              "status": "affected",
              "version": "21.23.7"
            },
            {
              "status": "affected",
              "version": "21.11.16"
            },
            {
              "status": "affected",
              "version": "21.18.13"
            },
            {
              "status": "affected",
              "version": "21.15.47"
            },
            {
              "status": "affected",
              "version": "21.19.n6"
            },
            {
              "status": "affected",
              "version": "6.9.8"
            },
            {
              "status": "affected",
              "version": "21.20.k6"
            },
            {
              "status": "affected",
              "version": "21.20.6"
            },
            {
              "status": "affected",
              "version": "21.19.10"
            },
            {
              "status": "affected",
              "version": "21.19.n4"
            },
            {
              "status": "affected",
              "version": "21.15.46"
            },
            {
              "status": "affected",
              "version": "21.17.14"
            },
            {
              "status": "affected",
              "version": "21.15.52"
            },
            {
              "status": "affected",
              "version": "21.16.6"
            },
            {
              "status": "affected",
              "version": "21.22.n3"
            },
            {
              "status": "affected",
              "version": "21.15.54"
            },
            {
              "status": "affected",
              "version": "21.18.15"
            },
            {
              "status": "affected",
              "version": "21.18.11"
            },
            {
              "status": "affected",
              "version": "21.18.8"
            },
            {
              "status": "affected",
              "version": "21.12.20"
            },
            {
              "status": "affected",
              "version": "21.5.28"
            },
            {
              "status": "affected",
              "version": "21.20.11"
            },
            {
              "status": "affected",
              "version": "21.8.12"
            },
            {
              "status": "affected",
              "version": "21.19.7"
            },
            {
              "status": "affected",
              "version": "21.19.5"
            },
            {
              "status": "affected",
              "version": "21.11.19"
            },
            {
              "status": "affected",
              "version": "21.16.c15"
            },
            {
              "status": "affected",
              "version": "21.18.12"
            },
            {
              "status": "affected",
              "version": "21.15.51"
            },
            {
              "status": "affected",
              "version": "21.18.14"
            },
            {
              "status": "affected",
              "version": "21.11.15"
            },
            {
              "status": "affected",
              "version": "21.16.c14"
            },
            {
              "status": "affected",
              "version": "21.20.4"
            },
            {
              "status": "affected",
              "version": "21.20.7"
            },
            {
              "status": "affected",
              "version": "21.14.b22"
            },
            {
              "status": "affected",
              "version": "21.17.10"
            },
            {
              "status": "affected",
              "version": "21.12.21"
            },
            {
              "status": "affected",
              "version": "21.19.9"
            },
            {
              "status": "affected",
              "version": "21.13.21"
            },
            {
              "status": "affected",
              "version": "21.14.23"
            },
            {
              "status": "affected",
              "version": "21.20.UV0"
            },
            {
              "status": "affected",
              "version": "21.10.6"
            },
            {
              "status": "affected",
              "version": "21.15.45"
            },
            {
              "status": "affected",
              "version": "21.15.53"
            },
            {
              "status": "affected",
              "version": "21.17.15"
            },
            {
              "status": "affected",
              "version": "21.17.16"
            },
            {
              "status": "affected",
              "version": "6.14.2"
            },
            {
              "status": "affected",
              "version": "21.19.n3"
            },
            {
              "status": "affected",
              "version": "21.17.11"
            },
            {
              "status": "affected",
              "version": "21.21.0"
            },
            {
              "status": "affected",
              "version": "21.20.10"
            },
            {
              "status": "affected",
              "version": "21.20.3"
            },
            {
              "status": "affected",
              "version": "21.20.5"
            },
            {
              "status": "affected",
              "version": "21.16.7"
            },
            {
              "status": "affected",
              "version": "21.22.1"
            },
            {
              "status": "affected",
              "version": "21.17.9"
            },
            {
              "status": "affected",
              "version": "21.17.13"
            },
            {
              "status": "affected",
              "version": "21.20.2"
            },
            {
              "status": "affected",
              "version": "21.20.9"
            },
            {
              "status": "affected",
              "version": "21.5.27"
            },
            {
              "status": "affected",
              "version": "21.14.22"
            },
            {
              "status": "affected",
              "version": "21.19.8"
            },
            {
              "status": "affected",
              "version": "21.22.n2"
            },
            {
              "status": "affected",
              "version": "21.16.8"
            },
            {
              "status": "affected",
              "version": "21.11.17"
            },
            {
              "status": "affected",
              "version": "21.20.8"
            },
            {
              "status": "affected",
              "version": "21.20.k7"
            },
            {
              "status": "affected",
              "version": "21.18.9"
            },
            {
              "status": "affected",
              "version": "21.19.n5"
            },
            {
              "status": "affected",
              "version": "21.11.18"
            },
            {
              "status": "affected",
              "version": "21.5.29"
            },
            {
              "status": "affected",
              "version": "21.15.48"
            },
            {
              "status": "affected",
              "version": "21.22.0"
            },
            {
              "status": "affected",
              "version": "21.14.b19"
            },
            {
              "status": "affected",
              "version": "21.15.17"
            },
            {
              "status": "affected",
              "version": "21.16.c4"
            },
            {
              "status": "affected",
              "version": "21.19.2"
            },
            {
              "status": "affected",
              "version": "6.2.b17"
            },
            {
              "status": "affected",
              "version": "6.9.7"
            },
            {
              "status": "affected",
              "version": "21.16.c6"
            },
            {
              "status": "affected",
              "version": "21.17.8"
            },
            {
              "status": "affected",
              "version": "21.11.13"
            },
            {
              "status": "affected",
              "version": "21.12.19"
            },
            {
              "status": "affected",
              "version": "21.12.18"
            },
            {
              "status": "affected",
              "version": "21.6.15"
            },
            {
              "status": "affected",
              "version": "21.20.0"
            },
            {
              "status": "affected",
              "version": "6.13.EY2"
            },
            {
              "status": "affected",
              "version": "21.15.36"
            },
            {
              "status": "affected",
              "version": "21.15.21"
            },
            {
              "status": "affected",
              "version": "21.15.43"
            },
            {
              "status": "affected",
              "version": "6.14.0"
            },
            {
              "status": "affected",
              "version": "21.14.b15"
            },
            {
              "status": "affected",
              "version": "21.15.14"
            },
            {
              "status": "affected",
              "version": "21.15.15"
            },
            {
              "status": "affected",
              "version": "21.16.c7"
            },
            {
              "status": "affected",
              "version": "21.16.c3"
            },
            {
              "status": "affected",
              "version": "6.13.EY1"
            },
            {
              "status": "affected",
              "version": "21.15.13"
            },
            {
              "status": "affected",
              "version": "21.12.15"
            },
            {
              "status": "affected",
              "version": "21.5.25"
            },
            {
              "status": "affected",
              "version": "21.14.b12"
            },
            {
              "status": "affected",
              "version": "21.18.6"
            },
            {
              "status": "affected",
              "version": "21.19.4"
            },
            {
              "status": "affected",
              "version": "21.17.3"
            },
            {
              "status": "affected",
              "version": "21.16.c5"
            },
            {
              "status": "affected",
              "version": "21.14.b21"
            },
            {
              "status": "affected",
              "version": "21.18.1"
            },
            {
              "status": "affected",
              "version": "6.11.0"
            },
            {
              "status": "affected",
              "version": "21.14.17"
            },
            {
              "status": "affected",
              "version": "21.5.26"
            },
            {
              "status": "affected",
              "version": "21.14.b13"
            },
            {
              "status": "affected",
              "version": "21.14.b16"
            },
            {
              "status": "affected",
              "version": "21.15.22"
            },
            {
              "status": "affected",
              "version": "21.15.23"
            },
            {
              "status": "affected",
              "version": "21.16.3"
            },
            {
              "status": "affected",
              "version": "21.16.c10"
            },
            {
              "status": "affected",
              "version": "21.16.d1"
            },
            {
              "status": "affected",
              "version": "21.15.28"
            },
            {
              "status": "affected",
              "version": "21.11.11"
            },
            {
              "status": "affected",
              "version": "21.15.30"
            },
            {
              "status": "affected",
              "version": "21.15.29"
            },
            {
              "status": "affected",
              "version": "21.13.18"
            },
            {
              "status": "affected",
              "version": "21.12.16"
            },
            {
              "status": "affected",
              "version": "21.17.5"
            },
            {
              "status": "affected",
              "version": "21.14.b18"
            },
            {
              "status": "affected",
              "version": "21.14.RH0"
            },
            {
              "status": "affected",
              "version": "21.14.b14"
            },
            {
              "status": "affected",
              "version": "6.6.7"
            },
            {
              "status": "affected",
              "version": "21.15.20"
            },
            {
              "status": "affected",
              "version": "21.15.32"
            },
            {
              "status": "affected",
              "version": "21.14.18"
            },
            {
              "status": "affected",
              "version": "21.6.b25"
            },
            {
              "status": "affected",
              "version": "21.17.2"
            },
            {
              "status": "affected",
              "version": "6.2.b15"
            },
            {
              "status": "affected",
              "version": "21.15.33"
            },
            {
              "status": "affected",
              "version": "21.13.19"
            },
            {
              "status": "affected",
              "version": "6.2.b14"
            },
            {
              "status": "affected",
              "version": "21.19.n1"
            },
            {
              "status": "affected",
              "version": "21.19.1"
            },
            {
              "status": "affected",
              "version": "21.19.0"
            },
            {
              "status": "affected",
              "version": "21.6.b26"
            },
            {
              "status": "affected",
              "version": "6.2.b16"
            },
            {
              "status": "affected",
              "version": "21.11.12"
            },
            {
              "status": "affected",
              "version": "21.18.3"
            },
            {
              "status": "affected",
              "version": "21.17.7"
            },
            {
              "status": "affected",
              "version": "21.14.12"
            },
            {
              "status": "affected",
              "version": "21.19.n2"
            },
            {
              "status": "affected",
              "version": "21.16.c11"
            },
            {
              "status": "affected",
              "version": "21.16.c12"
            },
            {
              "status": "affected",
              "version": "6.10.0"
            },
            {
              "status": "affected",
              "version": "21.16.4"
            },
            {
              "status": "affected",
              "version": "6.13.0"
            },
            {
              "status": "affected",
              "version": "21.13.16"
            },
            {
              "status": "affected",
              "version": "21.16.c13"
            },
            {
              "status": "affected",
              "version": "21.17.1"
            },
            {
              "status": "affected",
              "version": "21.17.6"
            },
            {
              "status": "affected",
              "version": "21.12.17"
            },
            {
              "status": "affected",
              "version": "21.11.10"
            },
            {
              "status": "affected",
              "version": "21.20.SV1"
            },
            {
              "status": "affected",
              "version": "21.11.14"
            },
            {
              "status": "affected",
              "version": "6.11.1"
            },
            {
              "status": "affected",
              "version": "21.17.0"
            },
            {
              "status": "affected",
              "version": "21.9.12"
            },
            {
              "status": "affected",
              "version": "21.20.1"
            },
            {
              "status": "affected",
              "version": "21.14.19"
            },
            {
              "status": "affected",
              "version": "21.14.c3"
            },
            {
              "status": "affected",
              "version": "21.15.18"
            },
            {
              "status": "affected",
              "version": "21.15.19"
            },
            {
              "status": "affected",
              "version": "21.15.16"
            },
            {
              "status": "affected",
              "version": "21.15.39"
            },
            {
              "status": "affected",
              "version": "6.6.6"
            },
            {
              "status": "affected",
              "version": "21.14.11"
            },
            {
              "status": "affected",
              "version": "21.14.b17"
            },
            {
              "status": "affected",
              "version": "21.14.16"
            },
            {
              "status": "affected",
              "version": "21.15.24"
            },
            {
              "status": "affected",
              "version": "21.6.b24"
            },
            {
              "status": "affected",
              "version": "21.16.c9"
            },
            {
              "status": "affected",
              "version": "21.16.c8"
            },
            {
              "status": "affected",
              "version": "6.8.1"
            },
            {
              "status": "affected",
              "version": "21.15.27"
            },
            {
              "status": "affected",
              "version": "21.15.26"
            },
            {
              "status": "affected",
              "version": "21.15.25"
            },
            {
              "status": "affected",
              "version": "21.17.4"
            },
            {
              "status": "affected",
              "version": "21.13.17"
            },
            {
              "status": "affected",
              "version": "6.9.5"
            },
            {
              "status": "affected",
              "version": "21.18.5"
            },
            {
              "status": "affected",
              "version": "21.15.40"
            },
            {
              "status": "affected",
              "version": "6.12.0"
            },
            {
              "status": "affected",
              "version": "21.18.2"
            },
            {
              "status": "affected",
              "version": "21.12.14"
            },
            {
              "status": "affected",
              "version": "21.16.d0"
            },
            {
              "status": "affected",
              "version": "21.14.20"
            },
            {
              "status": "affected",
              "version": "21.18.0"
            },
            {
              "status": "affected",
              "version": "21.15.37"
            },
            {
              "status": "affected",
              "version": "21.15.41"
            },
            {
              "status": "affected",
              "version": "21.18.4"
            },
            {
              "status": "affected",
              "version": "21.20.SV2"
            },
            {
              "status": "affected",
              "version": "21.20.SV3"
            },
            {
              "status": "affected",
              "version": "21.16.5"
            },
            {
              "status": "affected",
              "version": "21.20.SV5"
            },
            {
              "status": "affected",
              "version": "5.1.15"
            },
            {
              "status": "affected",
              "version": "21.19.3"
            },
            {
              "status": "affected",
              "version": "21.13.20"
            },
            {
              "status": "affected",
              "version": "21.14.b20"
            },
            {
              "status": "affected",
              "version": "21.15.7"
            },
            {
              "status": "affected",
              "version": "21.13.15"
            },
            {
              "status": "affected",
              "version": "21.15.11"
            },
            {
              "status": "affected",
              "version": "21.15.9"
            },
            {
              "status": "affected",
              "version": "21.15.0"
            },
            {
              "status": "affected",
              "version": "21.10.4"
            },
            {
              "status": "affected",
              "version": "21.12.12"
            },
            {
              "status": "affected",
              "version": "21.12.4"
            },
            {
              "status": "affected",
              "version": "21.12.8"
            },
            {
              "status": "affected",
              "version": "21.15.5"
            },
            {
              "status": "affected",
              "version": "21.13.8"
            },
            {
              "status": "affected",
              "version": "21.8.10"
            },
            {
              "status": "affected",
              "version": "21.14.6"
            },
            {
              "status": "affected",
              "version": "21.15.1"
            },
            {
              "status": "affected",
              "version": "21.8.11"
            },
            {
              "status": "affected",
              "version": "21.4.16"
            },
            {
              "status": "affected",
              "version": "21.9.11"
            },
            {
              "status": "affected",
              "version": "21.16.c0"
            },
            {
              "status": "affected",
              "version": "21.13.14"
            },
            {
              "status": "affected",
              "version": "21.13.4"
            },
            {
              "status": "affected",
              "version": "21.14.7"
            },
            {
              "status": "affected",
              "version": "21.14.8"
            },
            {
              "status": "affected",
              "version": "21.9.8"
            },
            {
              "status": "affected",
              "version": "21.16.c2"
            },
            {
              "status": "affected",
              "version": "21.15.10"
            },
            {
              "status": "affected",
              "version": "21.15.2"
            },
            {
              "status": "affected",
              "version": "21.15.6"
            },
            {
              "status": "affected",
              "version": "6.7.0"
            },
            {
              "status": "affected",
              "version": "21.13.6"
            },
            {
              "status": "affected",
              "version": "21.9.10"
            },
            {
              "status": "affected",
              "version": "21.14.1"
            },
            {
              "status": "affected",
              "version": "21.7.13"
            },
            {
              "status": "affected",
              "version": "21.11.8"
            },
            {
              "status": "affected",
              "version": "21.14.2"
            },
            {
              "status": "affected",
              "version": "21.14.0"
            },
            {
              "status": "affected",
              "version": "21.12.10"
            },
            {
              "status": "affected",
              "version": "21.9.9"
            },
            {
              "status": "affected",
              "version": "21.13.5"
            },
            {
              "status": "affected",
              "version": "21.13.2"
            },
            {
              "status": "affected",
              "version": "21.13.9"
            },
            {
              "status": "affected",
              "version": "21.13.10"
            },
            {
              "status": "affected",
              "version": "21.12.5"
            },
            {
              "status": "affected",
              "version": "21.12.9"
            },
            {
              "status": "affected",
              "version": "21.5.23"
            },
            {
              "status": "affected",
              "version": "21.14.10"
            },
            {
              "status": "affected",
              "version": "21.14.c2"
            },
            {
              "status": "affected",
              "version": "21.14.9"
            },
            {
              "status": "affected",
              "version": "21.11.6"
            },
            {
              "status": "affected",
              "version": "21.5.20"
            },
            {
              "status": "affected",
              "version": "21.13.12"
            },
            {
              "status": "affected",
              "version": "21.15.12"
            },
            {
              "status": "affected",
              "version": "6.9.2"
            },
            {
              "status": "affected",
              "version": "21.15.4"
            },
            {
              "status": "affected",
              "version": "21.13.11"
            },
            {
              "status": "affected",
              "version": "21.13.7"
            },
            {
              "status": "affected",
              "version": "21.10.5"
            },
            {
              "status": "affected",
              "version": "21.6.b19"
            },
            {
              "status": "affected",
              "version": "21.6.b23"
            },
            {
              "status": "affected",
              "version": "21.13.0"
            },
            {
              "status": "affected",
              "version": "21.6.14"
            },
            {
              "status": "affected",
              "version": "21.13.13"
            },
            {
              "status": "affected",
              "version": "21.4.17"
            },
            {
              "status": "affected",
              "version": "21.11.9"
            },
            {
              "status": "affected",
              "version": "21.11.2"
            },
            {
              "status": "affected",
              "version": "21.15.8"
            },
            {
              "status": "affected",
              "version": "21.16.2"
            },
            {
              "status": "affected",
              "version": "21.16.1"
            },
            {
              "status": "affected",
              "version": "21.16.c1"
            },
            {
              "status": "affected",
              "version": "21.5.21"
            },
            {
              "status": "affected",
              "version": "21.11.4"
            },
            {
              "status": "affected",
              "version": "21.6.b21"
            },
            {
              "status": "affected",
              "version": "21.14.a5"
            },
            {
              "status": "affected",
              "version": "21.10.3"
            },
            {
              "status": "affected",
              "version": "21.11.5"
            },
            {
              "status": "affected",
              "version": "21.13.3"
            },
            {
              "status": "affected",
              "version": "21.5.22"
            },
            {
              "status": "affected",
              "version": "21.12.7"
            },
            {
              "status": "affected",
              "version": "21.12.13"
            },
            {
              "status": "affected",
              "version": "21.12.6"
            },
            {
              "status": "affected",
              "version": "21.5.19"
            },
            {
              "status": "affected",
              "version": "21.6.b22"
            },
            {
              "status": "affected",
              "version": "21.11.7"
            },
            {
              "status": "affected",
              "version": "21.13.1"
            },
            {
              "status": "affected",
              "version": "21.14.a0"
            },
            {
              "status": "affected",
              "version": "21.14.4"
            },
            {
              "status": "affected",
              "version": "21.14.5"
            },
            {
              "status": "affected",
              "version": "21.5.24"
            },
            {
              "status": "affected",
              "version": "21.14.3"
            },
            {
              "status": "affected",
              "version": "21.16.0"
            },
            {
              "status": "affected",
              "version": "21.6.b20"
            },
            {
              "status": "affected",
              "version": "21.7.5"
            },
            {
              "status": "affected",
              "version": "21.15.3"
            },
            {
              "status": "affected",
              "version": "21.6.12"
            },
            {
              "status": "affected",
              "version": "21.8.5"
            },
            {
              "status": "affected",
              "version": "21.9.7"
            },
            {
              "status": "affected",
              "version": "21.12.11"
            },
            {
              "status": "affected",
              "version": "21.12.2"
            },
            {
              "status": "affected",
              "version": "6.2.b6"
            },
            {
              "status": "affected",
              "version": "21.8.4"
            },
            {
              "status": "affected",
              "version": "6.2.b5"
            },
            {
              "status": "affected",
              "version": "21.5.15"
            },
            {
              "status": "affected",
              "version": "21.8.1"
            },
            {
              "status": "affected",
              "version": "21.4.13"
            },
            {
              "status": "affected",
              "version": "21.10.0"
            },
            {
              "status": "affected",
              "version": "21.5.13"
            },
            {
              "status": "affected",
              "version": "21.9.0"
            },
            {
              "status": "affected",
              "version": "21.9.4"
            },
            {
              "status": "affected",
              "version": "21.4.9"
            },
            {
              "status": "affected",
              "version": "21.4.12"
            },
            {
              "status": "affected",
              "version": "21.11.3"
            },
            {
              "status": "affected",
              "version": "21.5.16"
            },
            {
              "status": "affected",
              "version": "21.7.9"
            },
            {
              "status": "affected",
              "version": "6.5.0"
            },
            {
              "status": "affected",
              "version": "21.4.8"
            },
            {
              "status": "affected",
              "version": "21.6.8"
            },
            {
              "status": "affected",
              "version": "21.6.5"
            },
            {
              "status": "affected",
              "version": "21.8.3"
            },
            {
              "status": "affected",
              "version": "21.6.10"
            },
            {
              "status": "affected",
              "version": "21.6.4"
            },
            {
              "status": "affected",
              "version": "21.7.8"
            },
            {
              "status": "affected",
              "version": "21.4.15"
            },
            {
              "status": "affected",
              "version": "21.4.11"
            },
            {
              "status": "affected",
              "version": "21.8.6"
            },
            {
              "status": "affected",
              "version": "21.8.ca1"
            },
            {
              "status": "affected",
              "version": "21.9.6"
            },
            {
              "status": "affected",
              "version": "21.4.7"
            },
            {
              "status": "affected",
              "version": "21.11.0"
            },
            {
              "status": "affected",
              "version": "21.11.1"
            },
            {
              "status": "affected",
              "version": "21.5.7"
            },
            {
              "status": "affected",
              "version": "6.2.b4"
            },
            {
              "status": "affected",
              "version": "21.7.7"
            },
            {
              "status": "affected",
              "version": "21.6.b14"
            },
            {
              "status": "affected",
              "version": "21.6.b13"
            },
            {
              "status": "affected",
              "version": "21.6.b15"
            },
            {
              "status": "affected",
              "version": "21.7.6"
            },
            {
              "status": "affected",
              "version": "21.6.6"
            },
            {
              "status": "affected",
              "version": "21.9.5"
            },
            {
              "status": "affected",
              "version": "21.5.9"
            },
            {
              "status": "affected",
              "version": "21.5.14"
            },
            {
              "status": "affected",
              "version": "21.8.8"
            },
            {
              "status": "affected",
              "version": "21.5.12"
            },
            {
              "status": "affected",
              "version": "21.8.0"
            },
            {
              "status": "affected",
              "version": "21.5.8"
            },
            {
              "status": "affected",
              "version": "21.7.10"
            },
            {
              "status": "affected",
              "version": "6.2.5"
            },
            {
              "status": "affected",
              "version": "21.8.9"
            },
            {
              "status": "affected",
              "version": "6.4.0"
            },
            {
              "status": "affected",
              "version": "21.6.b17"
            },
            {
              "status": "affected",
              "version": "21.6.b16"
            },
            {
              "status": "affected",
              "version": "21.6.11"
            },
            {
              "status": "affected",
              "version": "21.10.1"
            },
            {
              "status": "affected",
              "version": "21.4.10"
            },
            {
              "status": "affected",
              "version": "21.4.14"
            },
            {
              "status": "affected",
              "version": "21.6.9"
            },
            {
              "status": "affected",
              "version": "21.6.7"
            },
            {
              "status": "affected",
              "version": "21.12.3"
            },
            {
              "status": "affected",
              "version": "21.9.1"
            },
            {
              "status": "affected",
              "version": "21.9.2"
            },
            {
              "status": "affected",
              "version": "21.12.0"
            },
            {
              "status": "affected",
              "version": "21.7.12"
            },
            {
              "status": "affected",
              "version": "21.10.2"
            },
            {
              "status": "affected",
              "version": "21.8.7"
            },
            {
              "status": "affected",
              "version": "21.8.2"
            },
            {
              "status": "affected",
              "version": "21.5.6"
            },
            {
              "status": "affected",
              "version": "21.5.10"
            },
            {
              "status": "affected",
              "version": "21.6.13"
            },
            {
              "status": "affected",
              "version": "21.6.b18"
            },
            {
              "status": "affected",
              "version": "21.7.11"
            },
            {
              "status": "affected",
              "version": "21.7.1"
            },
            {
              "status": "affected",
              "version": "21.9.3"
            },
            {
              "status": "affected",
              "version": "21.7.0"
            },
            {
              "status": "affected",
              "version": "21.5.11"
            },
            {
              "status": "affected",
              "version": "21.5.17"
            },
            {
              "status": "affected",
              "version": "21.5.4"
            },
            {
              "status": "affected",
              "version": "21.7.3"
            },
            {
              "status": "affected",
              "version": "21.4.1"
            },
            {
              "status": "affected",
              "version": "21.4.3"
            },
            {
              "status": "affected",
              "version": "21.7.2"
            },
            {
              "status": "affected",
              "version": "21.4.5"
            },
            {
              "status": "affected",
              "version": "21.5.2"
            },
            {
              "status": "affected",
              "version": "21.6.3"
            },
            {
              "status": "affected",
              "version": "21.6.0"
            },
            {
              "status": "affected",
              "version": "21.6.2"
            },
            {
              "status": "affected",
              "version": "21.5.5"
            },
            {
              "status": "affected",
              "version": "21.4.6"
            },
            {
              "status": "affected",
              "version": "21.4.0"
            },
            {
              "status": "affected",
              "version": "21.4.2"
            },
            {
              "status": "affected",
              "version": "21.4.4"
            },
            {
              "status": "affected",
              "version": "21.7.4"
            },
            {
              "status": "affected",
              "version": "21.5.0"
            },
            {
              "status": "affected",
              "version": "21.5.1"
            },
            {
              "status": "affected",
              "version": "21.6.1"
            },
            {
              "status": "affected",
              "version": "21.5.3"
            },
            {
              "status": "affected",
              "version": "21.19.n14"
            },
            {
              "status": "affected",
              "version": "21.25.3"
            },
            {
              "status": "affected",
              "version": "21.23.11"
            },
            {
              "status": "affected",
              "version": "21.23.b3"
            },
            {
              "status": "affected",
              "version": "21.20.c22"
            },
            {
              "status": "affected",
              "version": "21.20.27"
            },
            {
              "status": "affected",
              "version": "21.23.n7"
            },
            {
              "status": "affected",
              "version": "21.20.26"
            },
            {
              "status": "affected",
              "version": "21.23.12"
            },
            {
              "status": "affected",
              "version": "21.20.28"
            },
            {
              "status": "affected",
              "version": "21.22.ua5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco\u0026nbsp;RCM for Cisco\u0026nbsp;StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges\u0026nbsp;in the context of the configured container.\r\n\r\nThis vulnerability exists because the debug mode is incorrectly enabled for specific services. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user.\r\nThe attacker would need to perform detailed reconnaissance to allow for unauthenticated access. The vulnerability can also be exploited by an authenticated attacker.\r\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "Active Debug Code",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T15:59:07.107Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-rcm-vuls-7cS3Nuq",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-vuls-7cS3Nuq"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO"
        }
      ],
      "source": {
        "advisory": "cisco-sa-rcm-vuls-7cS3Nuq",
        "defects": [
          "CSCvy80878"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Redundancy Configuration Manager Debug Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20649",
    "datePublished": "2024-11-15T15:59:07.107Z",
    "dateReserved": "2021-11-02T13:28:29.035Z",
    "dateUpdated": "2024-11-15T19:41:58.793Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-40419 (GCVE-0-2021-40419)

Vulnerability from cvelistv5 – Published: 2022-01-28 19:10 – Updated: 2025-04-15 19:21
VLAI
Summary
A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:44:10.048Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1428"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-40419",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T18:21:29.939766Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T19:21:23.683Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A firmware update vulnerability exists in the \u0027factory\u0027 binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489: Leftover Debug Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-28T19:10:07.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1428"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2021-40419",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A firmware update vulnerability exists in the \u0027factory\u0027 binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 10,
            "baseSeverity": null,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-489: Leftover Debug Code"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1428",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1428"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2021-40419",
    "datePublished": "2022-01-28T19:10:07.000Z",
    "dateReserved": "2021-09-01T00:00:00.000Z",
    "dateUpdated": "2025-04-15T19:21:23.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Build and Compilation Distribution

Remove debug code before deploying the application.

CAPEC-121: Exploit Non-Production Interfaces

An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable.

CAPEC-661: Root/Jailbreak Detection Evasion via Debugging

An adversary inserts a debugger into the program entry point of a mobile application to modify the application binary, with the goal of evading Root/Jailbreak detection. Mobile device users often Root/Jailbreak their devices in order to gain administrative control over the mobile operating system and/or to install third-party mobile applications that are not provided by authorized application stores (e.g. Google Play Store and Apple App Store). Rooting/Jailbreaking a mobile device also provides users with access to system debuggers and disassemblers, which can be leveraged to exploit applications by dumping the application's memory at runtime in order to remove or bypass signature verification methods. This further allows the adversary to evade Root/Jailbreak detection mechanisms, which can result in execution of administrative commands, obtaining confidential data, impersonating legitimate users of the application, and more.