9.8

CVE-2022-42785

Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unauthenticated remote attacker can log in without knowledge of the password by crafting a modified HTTP GET request.

Data is provided by the National Vulnerability Database (NVD)
WutAt-modem-emulator Firmware Version < 1.48
   WutAt-modem-emulator Version-
WutCom-server ++ Firmware Version < 1.48
   WutCom-server ++ Version-
WutCom-server 20ma Firmware Version < 1.48
   WutCom-server 20ma Version-
WutCom-server Highspeed Oem Firmware Version < 1.76
   WutCom-server Highspeed Oem Version-
WutCom-server Highspeed Poe Firmware Version < 1.76
   WutCom-server Highspeed Poe Version-
WutCom-server Highspeed Lc Firmware Version < 1.48
   WutCom-server Highspeed Lc Version-
WutCom-server Highspeed Ul Firmware Version < 1.48
   WutCom-server Highspeed Ul Version-
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.54% 0.668
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
info@cert.vde.com 9.8 3.9 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.