CVE-2022-4980

🗓️ 19 Sep 2025 18:55:02Reported by VulnCheckType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 12 Views

Unauthenticated admin creation in General Bytes Crypto Application Server allows remote takeover via first-admin page.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2022-4980	20 Sep 202521:02	–	circl
CNNVD	General Bytes Crypto Application Server 安全漏洞	19 Sep 202500:00	–	cnnvd
Cvelist	CVE-2022-4980 General Bytes Crypto Application Server (CAS) Unauthenticated Creation of Admin Account via Default-installation/First-admin Page	19 Sep 202518:55	–	cvelist
EUVD	EUVD-2025-30276	3 Oct 202520:07	–	euvd
NVD	CVE-2022-4980	19 Sep 202519:15	–	nvd
Positive Technologies	PT-2025-38603	19 Sep 202500:00	–	ptsecurity
RedhatCVE	CVE-2022-4980	21 Sep 202519:24	–	redhatcve
VulnCheck KEV	VulnCheck KEV: CVE-2022-4980	2 Sep 202200:00	–	vulncheck_kev
Vulnrichment	CVE-2022-4980 General Bytes Crypto Application Server (CAS) Unauthenticated Creation of Admin Account via Default-installation/First-admin Page	19 Sep 202518:55	–	vulnrichment

Vulners

CNA

Node

general_bytes crypto_application_serverRange20201208–20220725.22linux

general_bytes crypto_application_serverRange20201208–20220531.38linux

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Admin web interface — default-installation / first-admin creation page (admin service; ports 7777/443)"
    ],
    "platforms": [
      "Linux"
    ],
    "product": "Crypto Application Server (CAS)",
    "vendor": "General Bytes",
    "versions": [
      {
        "lessThan": "20220725.22",
        "status": "affected",
        "version": "20201208",
        "versionType": "custom"
      },
      {
        "lessThan": "20220531.38",
        "status": "affected",
        "version": "20201208",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
news	www.news.sophos.com/en-us/2022/08/23/bitcoin-atms-leeched-by-attackers-who-created-fake-admin-accounts/
halborn	www.halborn.com/blog/post/explained-the-general-bytes-bitcoin-atm-hack-august-2022
vulncheck	www.vulncheck.com/advisories/general-bytes-cas-unauth-creation-of-admin-account-via-default-installation-first-admin-page
incibe	www.incibe.es/en/incibe-cert/publications/cybersecurity-highlights/0day-vulnerability-exploited-general-bytes
generalbytes	www.generalbytes.atlassian.net/wiki/spaces/ESD/pages/2785509377/Security%2BIncident%2B
thehackernews	www.thehackernews.com/2022/08/hackers-stole-crypto-from-bitcoin-atms.html

15 Apr 2026 00:35Current

6.8Medium risk

Vulners AI Score6.8

CVSS 49.3

EPSS0.00751

SSVC

CWE-306