CVE-2022-28127 An API vulnerability in Robustel R1510 3.3.0 allows deletion of arbitrary files.

Robustel has acknowledged this issue and released version R1512.

Vulnerability – SQL Injection

A vulnerability was discovered in Robustel, which can allow attackers to access certain information on the database. This is due to the fact that SQL Injection has occurred in a specific search function.

This vulnerability can be exploited by sending a search query without quotation marks. This means that an attacker could send an SQL injection attack, allowing them to view or execute arbitrary data or commands on the database and potentially cause the site to crash.

Timeline

Published on: 06/30/2022 19:15:00 UTC
Last modified on: 07/12/2022 19:31:00 UTC

References

• https://talosintelligence.com/vulnerability_reports/TALOS-2022-1571
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28127