CVE-2026-22313
CriticalCVSS 9.1Exploitation Probability (EPSS)
Elevated risk56th percentile — higher than 56% of all known CVEs
Summary
The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability, an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying operating system.
Risk Assessment
An attacker with access to the management network can gain full control over the device, potentially leading to serious security breaches and data loss.
Recommendation
It is recommended to secure the API by implementing additional authorization mechanisms and regularly updating the device's software to eliminate known vulnerabilities.
Original NVD description (English source)
The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying operating system.

