9.8

CVE-2022-3203

Exploit

ORing net IAP-420(+) Hidden Functionality

On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot.
Data provided by the National Vulnerability Database (NVD)
Oringnet Iap-420+ Firmware, Version 2.0m
   Oringnet Iap-420+, Version -
Oringnet Iap-420 Firmware, Version 2.0m
   Oringnet Iap-420, Version -
No warning was found for this CVE.
EPSS Metrics
Type  Source     Score  Percentile
EPSS  FIRST.org  0.85%  0.534
CVSS Metrics
Source             Base Score  Exploit Score  Impact Score  Vector String
info@cert.vde.com  9.8         3.9            5.9           CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov       9.8         3.9            5.9           CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-912 Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

https://mads.uniud.it/2022/09/lord-of-the-orings/
Tags: Third Party Advisory, Exploit, Mitigation