AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2022-29539: resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sen

criticalvulnerability

security

Source: NVD/CVE DatabaseMay 12, 2022CVE-2022-29539

Summary

CVE-2022-29539 is a vulnerability in RESI Gemini-Net 4.2 where the resi-calltrace component fails to validate user input before processing it on the server, allowing attackers to perform OS command injection (injecting arbitrary system commands by exploiting improper input checking). An unauthenticated attacker can bypass the intended syntax rules and execute commands with the same privileges as the application.

Vulnerability Details

CVSS Score

9.8(critical)

EPSS (30-day exploit probability)

EPSS: 2.2%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-78

CAPEC (Attack Pattern)

CAPEC-88

Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-29539

First tracked: February 15, 2026 at 08:51 PM

Classified by LLM (prompt v3) · confidence: 95%