CVE-2022-40021
QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) was discovered to contain a command injection vulnerability.
CVE-2022-40021
barbarisch, 2023-02-09T20:39:46+00:00
SUMMARY
The following vulnerability was found in QVidium Technologies Amino A140.
CVE-2022-40021
Old versions of the QVidium Technologies Amino A140 set-top decoder contain a command injection vulnerability in the web management interface.
IMPACT
Access Vector: Local Network Exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows remote code execution, Allows disruption of service
Privilege Level: root
AFFECTED PRODUCTS
- QVidium Technologies Amino A140 (QVAM140)
SOFTWARE FIXES
The QVidium Technologies Amino A140 is now an unsupported product. More recent versions of the product with updated firmware can be found at https://www.qvidium.com/QVDEC.html.
If you are unable to obtain the latest officially supported product, it is recommended that you block access to the web management ports on the device.
TIMELINE
8.31.2022
9.2.2022
Vendor acknowledges vulnerability in unsupported device
9.22.2022
10.11.2022
Vendor approves of disclosure details
2.10.2023
REFERENCES
- https://www.qvidium.com/QVDEC.html