CVE-2022-40740 HIGH

CVE-2022-40740: Realtek GPON router - Command Injection

Vendor Realtek

Product GPON router

Weakness CWE-78

Published January 3, 2023

Last update April 10, 2025

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.

Key dates

02Disclosure timeline

January 3, 2023 CVE published

April 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-40740 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

04Related CVE

CVE-2026-49869 Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter` CVE-2026-5995 Totolink A7100RU CGI cstecgi.cgi setMiniuiHomeInfoShow os command injection CVE-2023-4033 OS Command Injection in mlflow/mlflow CVE-2019-1864 Cisco Integrated Management Controller Command Injection Vulnerability CVE-2025-9976 OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x