CVE-2022-29897— PHOENIX CONTACT RAD-ISM-900-EN-* 输入验证错误漏洞

Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an improper input validation in all versions of the firmware.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

输入验证不恰当

PHOENIX CONTACT RAD-ISM-900-EN-* 输入验证错误漏洞

PHOENIX CONTACT RAD-ISM-900-EN-*是德国PHOENIX CONTACT公司的一系列无线模块以太网收发器。 PHOENIX CONTACT 的 RAD-ISM-900-EN-* 设备存在输入验证错误漏洞，该漏洞源于输入验证不正确。攻击者利用该漏洞使用 WebUI 中集成的 traceroute 程序在操作系统上以 root 权限执行任意代码。

N/A

N/A