Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2022-32429

šŸ—“ļøĀ 09 Aug 2022Ā 00:00:00Reported byĀ mitreTypeĀ 
cve
Ā cvešŸ”—Ā web.nvd.nist.govšŸ“°ļøĀ 3Ā Media mentionsšŸ‘Ā 95Ā ViewsšŸŒ WEB

An authentication-bypass issue in Mega System Technologies Inc MSNSwitch MNT.240

Related
Detection
Refs
Paths
Social
ReporterTitlePublishedViews
Family
0day.today		MSNSwitch Firmware MNT.2408 - Remote Code Exectuion Exploit
11 Nov 202200:00
ā€“zdt
ATTACKERKB		CVE-2022-32429
10 Aug 202220:15
ā€“attackerkb
Circl		CVE-2022-32429
11 Aug 202200:32
ā€“circl
CNNVD		MSNSwitch ęŽˆęƒé—®é¢˜ę¼ę“ž
10 Aug 202200:00
ā€“cnnvd
Cvelist		CVE-2022-32429
9 Aug 202200:00
ā€“cvelist
Exploit DB		MSNSwitch Firmware MNT.2408 - Remote Code Execution
11 Nov 202200:00
ā€“exploitdb
Nuclei		MSNSwitch Firmware MNT.2408 - Authentication Bypass
25 Jun 202601:31
ā€“nuclei
NVD		CVE-2022-32429
10 Aug 202220:15
ā€“nvd
OSV		CVE-2022-32429
10 Aug 202220:15
ā€“osv
Packet Storm		MSNSwitch Firmware MNT.2408 Remote Code Execution
11 Nov 202200:00
ā€“packetstorm
Rows per page
NVD
Node
megatechmsnswitch_firmwareMatchmnt.2408
AND
megatechmsnswitchMatch-
ParameterPositionPathDescriptionCWE
Account1pathcgi-bin-hax/ExportSettings.shUnauthenticated access enables retrieval of credentials from device configuration.CWE-287
Password1pathcgi-bin-hax/ExportSettings.shUnauthenticated access enables retrieval of credentials from device configuration.CWE-287
loginpathgoform/loginAuthentication endpoint used to obtain an authenticated session for further exploitation.CWE-287
userpathgoform/loginAuthentication endpoint used to obtain an authenticated session for further exploitation.CWE-287
passwordpathgoform/loginAuthentication endpoint used to obtain an authenticated session for further exploitation.CWE-287
firmware_urlquery paramcgi-bin/upgrade.cgiAuthenticated command execution vector via crafted firmware_url parameter and CSRF token.CWE-287
csrftokenquery paramcgi-bin/upgrade.cgiAuthenticated command execution vector via crafted firmware_url parameter and CSRF token.CWE-287

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 04:47Current
9.7High risk
Vulners AI Score9.7
CVSS 3.19.8
EPSS0.7572
CWE-287
securityauthentication-bypassremote code executioncve-2022-32429
95