Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-4510
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Path Traversal in binwalk
Source: NVD (National Vulnerability Database)
Vulnerability Description
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Binwalk 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Binwalk是ReFirm Labs开源的一种快速、易于使用的工具。用于分析、逆向工程和提取固件图像。 ReFirm Labs Binwalk 2.1.2b版本至2.3.2版本存在路径遍历漏洞,该漏洞源于存在路径遍历,通过制作恶意PFS文件系统文件,攻击者可以在任意位置提取文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Refirm Labsbinwalk 2.1.2b ~ 2.3.3 -
II. Public POCs for CVE-2022-4510
#POC DescriptionSource LinkShenlong Link
1Binwalk Remote Command Executionhttps://github.com/electr0sm0g/CVE-2022-4510POC Details
2A Python script for generating exploits targeting CVE-2022-4510 RCE Binwalk. It supports SSH, command execution, and reverse shell options. Exploits are saved in PNG format. Ideal for testing and demonstrations.https://github.com/adhikara13/CVE-2022-4510-WalkingPathPOC Details
3Python script that generates pfs payloads to exploit CVE-2022-4510https://github.com/Kalagious/BadPfsPOC Details
4Python script that generates pfs payloads to exploit CVE-2022-4510https://github.com/Kalagious/BadPfs-CVE-2022-4510POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2022-4510
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: binwalk
Same vendor: Refirm Labs
Same weakness: CWE-22
V. Comments for CVE-2022-4510

No comments yet

Leave a comment