VYPR
Unrated severityNVD Advisory· Published Dec 1, 2022· Updated Apr 14, 2025

OS command injection in ASUS M25 NAS

CVE-2022-4221

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Asus/NAS-M25llm-create2 versions
    <=1.0.1.7+ 1 more
    • (no CPE)range: <=1.0.1.7
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.