8.8
CVE-2022-36159
- EPSS 0.11%
- Published 26.09.2022 11:15:09
- Last modified 21.05.2025 18:15:47
- Source cve@mitre.org
Contec FXA3200 version 1.13 and under were discovered to contain a hard-coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in a few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port, then sniff the traffic or inject any malware.
Data is provided by the National Vulnerability Database (NVD)
Contec ≫ Fxa3000 Firmware Version <= 1.13.00
Contec ≫ Fxa3020 Firmware Version <= 1.13.00
Contec ≫ Fxa3200 Firmware Version <= 1.13.00
Contec ≫ Fxa2000 Firmware Version < 1.39.00
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.11% | 0.293 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.