CVE-2022-1039

EPSS 0.21%
Veröffentlicht 20.04.2022 16:15:08
Zuletzt bearbeitet 21.11.2024 06:39:54
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the SSH service does not support root login, a user logging in using either of the other Linux accounts may elevate to root access using the su command if they have access to the associated password.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redlion ≫ Da50n Firmware

Redlion ≫ Da50n Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.433

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
ics-cert@hq.dhs.gov	9.6	2.8	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-521 Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-03

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2022-1039

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1039

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1039

EUVD