Security Advisory: Remote Command Execution in binwalk
A security vulnerability was discovered in ReFirm Labs' binwalk software. The issue is a path traversal vulnerability that affects versions 2.1.2b to 2.3.2. The vulnerability allows remote attackers to execute arbitrary code on systems where the software is installed. The target must open a malicious file using binwalk's extract mode for the exploit to be successful. No vendor advisory or fixed version has been released at the time of the advisory, but the vulnerability has been assigned CVE-2022-4510 and has a high CVSS score of 7.8. The path traversal was discovered by ONEKEY Research Lab.
Further readingExhibitor: ONEKEY GmbH