8.8

CVE-2022-36159

Exploit
Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port then sniff the traffic or inject any malware.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ContecFxa3000 Firmware Version <= 1.13.00
   ContecFxa3000 Version-
ContecFxa3020 Firmware Version <= 1.13.00
   ContecFxa3020 Version-
ContecFxa3200 Firmware Version <= 1.13.00
   ContecFxa3200 Version-
ContecFxa2000 Firmware Version < 1.39.00
   ContecFxa2000 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.511
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://jvn.jp/en/vu/JVNVU98305100/
Patch
Third Party Advisory