CVE-2022-35239

EPSS 0.98%
Veröffentlicht 16.08.2022 08:15:08
Zuletzt bearbeitet 21.11.2024 07:10:57
Quelle vultures@jpcert.or.jp
Teams Watchlist Login
Unerledigt Login

The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Contec ≫ Sv-cpt-mc310f Firmware Version < 7.24

Contec ≫ Sv-cpt-mc310f Version-

Contec ≫ Sv-cpt-mc310 Firmware Version < 7.24

Contec ≫ Sv-cpt-mc310 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.98%	0.757

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://jvn.jp/en/vu/JVNVU93696585/

Third Party Advisory

https://www.contec.com/jp/api/downloadlogger?download=/jp/-/media/Contec/jp/support/security-info/contec_security_solarview_220727.pdf

Vendor Advisory

https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-35239

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-35239

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-35239

EUVD