CVE-2022-37661
CVE-2022-37661
Vexday Risk Score
57Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS —EPSS 36.2%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
14 Sep 2022Published on NVD
11 Nov 2022Public PoC
Weaponization speed
58 daysto first PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature.
Affected products
n/a · n/apublic PoCs found — 4
cve_referencepacketstormsecurity.com/files/168336/SmartRG-Router-2.6.13-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/169816/SmartRG-Router-SR510n-2.6.13-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/cve/CVE-2022-37661unverifiedexploitdbwww.exploit-db.com/exploits/51031unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/168336/SmartRG-Router-2.6.13-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/169816/SmartRG-Router-SR510n-2.6.13-Remote-Code-Execution.htmlhttps://cxsecurity.com/issue/WLB-2022090029https://packetstormsecurity.com/files/cve/CVE-2022-37661