CVE-2022-1039

EPSS 0.21%
Published 20.04.2022 16:15:08
Last modified 21.11.2024 06:39:54
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the SSH service does not support root login, a user logging in using either of the other Linux accounts may elevate to root access using the su command if they have access to the associated password.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Redlion ≫ Da50n Firmware

Redlion ≫ Da50n Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.21%	0.433

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
ics-cert@hq.dhs.gov	9.6	2.8	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-521 Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-03

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2022-1039

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1039

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1039

EUVD