CVE-2022-32429

2022-08-1020:15:48

CWE-287

mitre

web.nvd.nist.gov

security

authentication-bypass

remote code execution

cve-2022-32429

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.231

Percentile

96.6%

JSON

An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technologies Inc MSNSwitch MNT.2408 allows unauthenticated attackers to arbitrarily configure settings within the application, leading to remote code execution.

Affected configurations

Nvd

Node

megatechmsnswitch_firmwareMatchmnt.2408

AND

megatechmsnswitchMatch-

VendorProductVersionCPE
megatechmsnswitch_firmwaremnt.2408cpe:2.3:o:megatech:msnswitch_firmware:mnt.2408:*:*:*:*:*:*:*
megatechmsnswitch-cpe:2.3:h:megatech:msnswitch:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
megatech	msnswitch_firmware	mnt.2408	cpe:2.3:o:megatech:msnswitch_firmware:mnt.2408:::::::*
megatech	msnswitch	-	cpe:2.3:h:megatech:msnswitch:-:::::::*