CVE-2021-22646

Summary

The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.

Affected Software

VendorProductVersion RangeStatus
OvarroTBoxLT2affected
OvarroTBoxMS-CPU32affected
OvarroTBoxMS-CPU32-S2affected
OvarroTBoxRM2affected
OvarroTBoxTG2affected

Weaknesses

  • CVE-94

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References