CVE-2022-35268

2022-10-2517:15:54

CWE-755

CWE-125

[email protected]

web.nvd.nist.gov

cve-2022-35268

denial of service

web server

robustel r1510

security vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

36.8%

JSON

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the /action/import_sdk_file/ API.

Affected configurations

Vulners

NVD

Node

robustelr1510Range≤3.1.16

robustelr1510Range≤3.3.0

VendorProductVersionCPE
robustelr1510*cpe:2.3:h:robustel:r1510:*:*:*:*:*:*:*:*
robustelr1510*cpe:2.3:h:robustel:r1510:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
robustel	r1510	*	cpe:2.3:h:robustel:r1510::::::::
robustel	r1510	*	cpe:2.3:h:robustel:r1510::::::::

CNA Affected

[
  {
    "vendor": "Robustel",
    "product": "R1510",
    "versions": [
      {
        "version": "3.1.16",
        "status": "affected"
      },
      {
        "version": "3.3.0",
        "status": "affected"
      }
    ]
  }
]