Lucene search

MitreCVE-2022-30036

HistoryAug 21, 2022 - 4:15 a.m.

CVE-2022-30036

2022-08-2104:15:11

CWE-798

mitre

web.nvd.nist.gov

cve-2022-30036

ma lighting

grandma2 light

password vulnerability

root account

isolated networks

grandma3

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

37.3%

JSON

MA Lighting grandMA2 Light has a password of root for the root account. NOTE: The vendor’s position is that the product was designed for isolated networks. Also, the successor product, grandMA3, is not affected by this vulnerability.

Affected configurations

Nvd

Node

malightinggrandma2_light_firmwareMatch-

AND

malightinggrandma2_lightMatch-

VendorProductVersionCPE
malightinggrandma2_light_firmware-cpe:2.3:o:malighting:grandma2_light_firmware:-:*:*:*:*:*:*:*
malightinggrandma2_light-cpe:2.3:h:malighting:grandma2_light:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
malighting	grandma2_light_firmware	-	cpe:2.3:o:malighting:grandma2_light_firmware:-:::::::*
malighting	grandma2_light	-	cpe:2.3:h:malighting:grandma2_light:-:::::::*

References

parzival.sh/posts/Pwning-a-Lighting-Console-in-a-Few-Minutes/

www.malighting.com/product-archive/product/grandma2-light-120112/

Social References

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

37.3%

JSON

Related for CVE-2022-30036