← Zuruck zu CVEs
CVE-2022-3203
CRITICAL9.8
Beschreibung
On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht10/21/2022
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
oringnet:iap-420oringnet:iap-420\+oringnet:iap-420\+_firmwareoringnet:iap-420_firmware
Schwachen (CWE)
CWE-912
Referenzen
https://mads.uniud.it/2022/09/lord-of-the-orings/(info@cert.vde.com)
https://mads.uniud.it/2022/09/lord-of-the-orings/(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.