← Volver a CVEs
CVE-2022-3203
CRITICAL9.8
Descripcion
On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado10/21/2022
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
oringnet:iap-420oringnet:iap-420\+oringnet:iap-420\+_firmwareoringnet:iap-420_firmware
Debilidades (CWE)
CWE-912
Referencias
https://mads.uniud.it/2022/09/lord-of-the-orings/(info@cert.vde.com)
https://mads.uniud.it/2022/09/lord-of-the-orings/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.