Login Sign Up

CVE-2022-45553

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

This vulnerability allows attackers to execute arbitrary commands on Shenzhen Zhibotong Electronics WBT WE1626 routers by connecting to the UART serial port. Attackers with physical access to the device can gain complete control. Only users of this specific router model are affected.

💻 Affected Systems

Products:
  • Shenzhen Zhibotong Electronics WBT WE1626 Router
Versions: v21.06.18
Operating Systems: Embedded router OS
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running this firmware version are vulnerable. No special configuration required.

📦 What is this software?

We1626 Firmware by Zbt

View all CVEs affecting We1626 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attacker to install persistent malware, intercept all network traffic, pivot to internal networks, and use the router as a botnet node.

🟠

Likely Case

Local attacker gains administrative access to router, modifies network settings, intercepts traffic, and potentially accesses connected devices.

🟢

If Mitigated

With physical security preventing unauthorized access to router hardware, impact is minimal as exploitation requires physical serial connection.

🌐 Internet-Facing: LOW - Exploitation requires physical access to the device's serial port, not network access.
🏢 Internal Only: MEDIUM - Physical access within organization could allow insider threat or visitor exploitation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires physical access to router and basic serial connection tools. No authentication needed once physical access obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No vendor advisory found

Restart Required: No

Instructions:

No official patch available. Check vendor website for firmware updates. If update available, download from official source and flash via web interface.

🔧 Temporary Workarounds

Physical Security Hardening

all

Secure router in locked cabinet or restricted access area to prevent physical tampering.

Disable Serial Port

all

If firmware allows, disable UART debugging interface through configuration.

🧯 If You Can't Patch

  • Decommission vulnerable routers and replace with secure alternatives
  • Implement strict physical access controls and monitoring for router locations

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web admin interface. If version is v21.06.18, device is vulnerable.

Check Version:

Check via router web interface at 192.168.1.1 or serial console connection

Verify Fix Applied:

Check if firmware version has been updated beyond v21.06.18. No official fix available to verify.

📡 Detection & Monitoring

Log Indicators:

  • Serial port access logs (if available)
  • Unexpected configuration changes
  • Unusual admin login patterns

Network Indicators:

  • Unexpected outbound connections from router
  • DNS or routing configuration changes

SIEM Query:

Search for router configuration changes outside maintenance windows or serial interface access attempts

📊 Metadata

CVE ID: CVE-2022-45553
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-94
Published: March 3, 2023
Last Updated: March 7, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-45553, you might also want to check these:

CVE-2025-62521 10.0

CVE-2025-62521 is a critical pre-authentication remote code execution vulnerability in ChurchCRM tha...

Same vulnerability type (CWE-94)
CVE-2026-26216 10.0

Crawl4AI versions before 0.8.0 contain an unauthenticated remote code execution vulnerability in the...

Same vulnerability type (CWE-94)
CVE-2021-22205 10.0

CVE-2021-22205 is a critical remote code execution vulnerability in GitLab CE/EE where improper vali...

Same vulnerability type (CWE-94)