CVE-2022-50919

Tdarr · Tdarr

Tdarr 2.00.15 is susceptible to unauthenticated remote code execution via command injection in the Help terminal, allowing attackers to execute arbitrary commands.

Executive summary

A critical unauthenticated remote code execution vulnerability exists in Tdarr 2.00.15, posing a severe risk of full system compromise.

Vulnerability

This is a command injection vulnerability located in the Help terminal component. The application fails to perform adequate input filtering, allowing an unauthenticated attacker to inject and chain arbitrary system commands.

Business impact

The ability for an unauthenticated attacker to execute arbitrary code on the host server presents a critical business risk. Successful exploitation could lead to full system takeover, unauthorized access to sensitive media processing data, and potential lateral movement within the network. With a CVSS score of 9.8, this vulnerability is classified as critical and requires immediate attention to prevent catastrophic data breaches or service disruption.

Remediation

Immediate Action: Update Tdarr to the latest available version as provided by the vendor to resolve the command injection flaw.

Proactive Monitoring: Review system and application access logs for unusual command strings or suspicious child processes originating from the Tdarr service.

Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to block malicious command injection patterns targeting terminal or help parameters.
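The child-process review described under Proactive Monitoring can be automated. The following is an added example, not code from Tdarr or from this advisory: it walks constructed process-creation events and flags anything running beneath the service that is not an expected media tool, or whose command line chains commands. The event format, the service name marker, the executable path, and the allowlist of expected children are all assumptions to tune per host.

```python
import json
import os

# Assumptions (not from the advisory): the service's process name contains
# "tdarr" and its legitimate children are media tools. Tune both per host.
SERVICE_MARKER = "tdarr"
EXPECTED_CHILDREN = {"ffmpeg", "ffprobe", "HandBrakeCLI", "mkvpropedit"}
CHAIN_TOKENS = (";", "&&", "||", "|", "`", "$(")

# Constructed sample process-creation events (JSON lines), not real telemetry.
SAMPLE_EVENTS = """\
{"pid": 100, "ppid": 1, "exe": "/opt/example/tdarr-service", "cmdline": "tdarr-service"}
{"pid": 210, "ppid": 100, "exe": "/usr/bin/ffmpeg", "cmdline": "ffmpeg -i in.mkv out.mp4"}
{"pid": 220, "ppid": 100, "exe": "/bin/sh", "cmdline": "sh -c true; id"}
{"pid": 221, "ppid": 220, "exe": "/usr/bin/id", "cmdline": "id"}
{"pid": 300, "ppid": 1, "exe": "/bin/sh", "cmdline": "sh -c backup.sh && sync"}
"""

def find_suspicious(lines):
    """Return (pid, reasons) for processes descending from the service that
    are not expected children or whose command line chains commands."""
    events = [json.loads(l) for l in lines.splitlines() if l.strip()]
    by_pid = {e["pid"]: e for e in events}
    def under_service(ev):
        seen = set()  # guards against pid reuse creating a loop
        parent = by_pid.get(ev["ppid"])
        while parent and parent["pid"] not in seen:
            if SERVICE_MARKER in os.path.basename(parent["exe"]).lower():
                return True
            seen.add(parent["pid"])
            parent = by_pid.get(parent["ppid"])
        return False

    findings = []
    for ev in events:
        if not under_service(ev):
            continue  # unrelated process trees are out of scope
        name = os.path.basename(ev["exe"])
        reasons = []
        if name not in EXPECTED_CHILDREN:
            reasons.append("unexpected child: " + name)
        if any(tok in ev["cmdline"] for tok in CHAIN_TOKENS):
            reasons.append("command chaining in cmdline")
        if reasons:
            findings.append((ev["pid"], reasons))
    return findings

if __name__ == "__main__":
    print(find_suspicious(SAMPLE_EVENTS))
```

The shell at pid 300 is not reported because it does not descend from the service, which keeps the rule scoped to the process tree the advisory asks administrators to review.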

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the critical CVSS 9.8 rating and the ability for unauthenticated attackers to achieve remote code execution, this vulnerability poses a severe threat. Administrators should prioritize updating the Tdarr software immediately and isolate affected systems from the public internet until the patch is successfully applied.