CVE-2022-28127 An API vulnerability in Robustel R1510 3.3.0 allows deletion of arbitrary files.

CVE-2022-28127 An API vulnerability in Robustel R1510 3.3.0 allows deletion of arbitrary files.

Robustel has acknowledged this issue and released version R1512.

Vulnerability – SQL Injection

A vulnerability was discovered in Robustel, which can allow attackers to access certain information on the database. This is due to the fact that SQL Injection has occurred in a specific search function.

This vulnerability can be exploited by sending a search query without quotation marks. This means that an attacker could send an SQL injection attack, allowing them to view or execute arbitrary data or commands on the database and potentially cause the site to crash.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe