CVE-2022-1357

CWE-78: IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION')
The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger command.

Risk Information

  • CVE ID
  • CVE-2022-1357
  • Vendor
  • Cambium Networks
  • Product
  • cnMaestro
  • CVSS v3
  • 9.8