CVE-2022-36158 Information

Description

Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi).

Reference

https://www.contec.com/products-services/computer-networking/flexlan-fx/fx-accesspoint/fxa3200/feature/#section https://samy.link/blog/contec-flexlan-fxa2000-and-fxa3000-series-vulnerability-repo https://gist.github.com/Nwqda/aac33d1936d2b514a3268f145345abb4 https://jvn.jp/en/vu/JVNVU98305100/