CVE-2022-40765
is CVE-2022-40765real, exploitable, or a false positive? Here's the community ground truth.
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.
References
Published
Embed this verdict
[](https://www.truepositive.app/cve/CVE-2022-40765)<a href="https://www.truepositive.app/cve/CVE-2022-40765"><img src="https://www.truepositive.app/cve/CVE-2022-40765/badge.svg" alt="TruePositive verdict for CVE-2022-40765"></a>Live badge — updates automatically as the community verdict changes.
Community ground truth
Community verdict
3 verdictsIncludes TruePositive's curated baseline from public sources — community verdicts accrue on top.
Pick your verdict — we'll save it right after a quick sign-in.
Practitioners rate this higher than its CVSS — treat with extra caution.
Field notes & remediation
Verdicts are the quick signal — notes are the evidence and fixes behind them.
- 0
Mitel MiVoice Connect Command Injection Vulnerability — The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system. Listed in the CISA KEV catalog (added 2023-02-21) — confirmed exploited in the wild, not theoretical. It is linked to known ransomware campaigns. FIRST EPSS puts the chance of exploitation in the next 30 days at ~10%. Treat it as real and prioritize remediation over triage.
- 0
Required action for Mitel MiVoice Connect: Apply updates per vendor instructions. CISA set a federal remediation due date of 2023-03-14. After patching, verify the vulnerable path is no longer reachable before closing the finding.
Related CVEs
Same weakness — CWE-77.
- CVE-2023-1671CVSS 9.8KEVEPSS 100%
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
- CVE-2024-21887CVSS 9.1KEVEPSS 100%
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
- CVE-2023-1389CVSS 8.8KEVEPSS 100%
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.
- CVE-2012-1823CVSS 9.8KEVEPSS 100%
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
- CVE-2024-3273CVSS 7.3KEVEPSS 100%
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
- CVE-2025-10035CVSS 10KEVEPSS 100%
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.