CVE-2022-35239

EPSS 0.98%
Published 16.08.2022 08:15:08
Last modified 21.11.2024 07:10:57
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Contec ≫ Sv-cpt-mc310f Firmware Version < 7.24

Contec ≫ Sv-cpt-mc310f Version-

Contec ≫ Sv-cpt-mc310 Firmware Version < 7.24

Contec ≫ Sv-cpt-mc310 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.98%	0.757

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://jvn.jp/en/vu/JVNVU93696585/

Third Party Advisory

https://www.contec.com/jp/api/downloadlogger?download=/jp/-/media/Contec/jp/support/security-info/contec_security_solarview_220727.pdf

Vendor Advisory

https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-35239

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-35239

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-35239

EUVD