CVE-2022-23332

8.8 HIGH

📋 TL;DR

This CVE describes a command injection vulnerability in the manual ping form of Shenzhen Ejoin Information Technology's ACOM508/ACOM516/ACOM532 devices. Attackers can inject arbitrary commands via the web UI field, potentially gaining remote code execution. Organizations using these specific Ejoin devices are affected.

💻 Affected Systems

Products:
  • Shenzhen Ejoin Information Technology Co., Ltd. ACOM508
  • ACOM516
  • ACOM532
Versions: 609-915-041-100-020
Operating Systems: Embedded/Proprietary
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web UI manual ping functionality specifically.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise allowing attacker to execute arbitrary commands with device privileges, potentially leading to data theft, lateral movement, or device takeover.

🟠 Likely Case

Remote code execution leading to device compromise, data exfiltration, or use as a foothold in the network.

🟢 If Mitigated

Limited impact if proper input validation and network segmentation are implemented, potentially only affecting the web service.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on GitHub, making this easily exploitable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://en.ejointech.com/

Restart Required: No

Instructions:

Check vendor website for security updates. No specific patch information available in public sources.

🔧 Temporary Workarounds

Disable Web UI Ping Function

all

Disable or restrict access to the manual ping functionality in the web interface.

Network Segmentation

all

Isolate affected devices in separate network segments with strict firewall rules.

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all web UI fields
  • Deploy web application firewall (WAF) with command injection rules

🔍 How to Verify

Check if Vulnerable:

Test the manual ping form in the web UI for command injection by attempting to inject shell commands.

Check Version:

Check device firmware version in web UI or via device management interface.

Verify Fix Applied:

Verify that command injection attempts in the ping form are properly sanitized or rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in system logs
  • Multiple ping attempts with suspicious parameters

Network Indicators:

  • Unusual outbound connections from device
  • Traffic to unexpected ports

SIEM Query:

source="device_logs" AND ("ping" AND ("|" OR ";" OR "$" OR "`"))
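
The query above matches a fixed set of shell metacharacters. The added example below (not vendor code and not part of the original advisory) takes the allowlist approach instead, the same shape as the input validation recommended under "If You Can't Patch": a ping target is accepted only if it is an IP literal or an RFC 1123 hostname, and logged requests that fail the check are flagged. The log layout `ping target="..."` and the function names are assumptions; the sample lines are constructed.

```python
import ipaddress
import re

# Characters that can appear in an IPv4/IPv6 literal or a hostname; nothing else.
_CHARSET = re.compile(r"[A-Za-z0-9.:-]{1,253}")
# RFC 1123 label: letters, digits, inner hyphens, 1-63 characters.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Assumed log layout: ... ping target="<value>"
_TARGET = re.compile(r'ping target="(.*)"')

def is_valid_ping_target(value: str) -> bool:
    """Allowlist: accept only an IP literal or an RFC 1123 hostname."""
    # fullmatch (not match/$) so a trailing newline cannot slip through.
    if not _CHARSET.fullmatch(value):
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    return all(_LABEL.fullmatch(label) for label in labels)

def flag_ping_requests(lines):
    """Return log lines whose ping target fails the allowlist."""
    flagged = []
    for line in lines:
        m = _TARGET.search(line)
        if m and not is_valid_ping_target(m.group(1)):
            flagged.append(line)
    return flagged

# Constructed sample lines, not taken from a real device.
SAMPLE_LOG = [
    '2024-05-01T10:00:01Z webui ping target="192.0.2.10"',
    '2024-05-01T10:00:07Z webui ping target="gw.example.net"',
    '2024-05-01T10:02:13Z webui ping target="192.0.2.10;id"',
    '2024-05-01T10:02:40Z webui ping target="$(id)"',
]

if __name__ == "__main__":
    for hit in flag_ping_requests(SAMPLE_LOG):
        print("SUSPICIOUS:", hit)
```

Because the check rejects everything outside the allowed character set, it does not depend on enumerating every metacharacter a shell might interpret.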
