9.1
CVE-2022-38789
- EPSS 0.88%
- Veröffentlicht 15.09.2022 12:15:09
- Zuletzt bearbeitet 21.11.2024 07:17:05
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Airties ≫ Air 4920 Firmware Version < 2020-08-04
Airties ≫ Air 4921 Firmware Version < 2020-08-04
Airties ≫ Air 4971 Firmware Version < 2020-08-04
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.88% | 0.542 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
https://airties.com/airties-information-security-policy/
https://github.com/ProxyStaffy/Airties-CVE-2022-38789/blob/main/Description