← Retour aux CVEs
CVE-2022-3203
CRITICAL9.8
Description
On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie10/21/2022
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
oringnet:iap-420oringnet:iap-420\+oringnet:iap-420\+_firmwareoringnet:iap-420_firmware
Faiblesses (CWE)
CWE-912
References
https://mads.uniud.it/2022/09/lord-of-the-orings/(info@cert.vde.com)
https://mads.uniud.it/2022/09/lord-of-the-orings/(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.