← Back to CVEs
CVE-2022-47561
HIGH7.3
Description
The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions.
CVE Details
CVSS v3.1 Score7.3
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published9/20/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
ormazabal:ekorccpormazabal:ekorccp_firmwareormazabal:ekorrciormazabal:ekorrci_firmware
Weaknesses (CWE)
CWE-256CWE-522
References
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products(cve-coordination@incibe.es)
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.