CVE-2022-29539

Published: May 12, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software (e.g., concatenate `&|;\r\ commands) and inject arbitrary system commands with the privileges of the application user.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.gruppotim.it/it/footer/red-team.html

x_refsource_MISC

https://www.resi.it/prodotti-soluzioni-commerciali/gemini-network-service-monitoring

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-29539

Description

Affected Products

References