Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2022-37109
HistoryNov 14, 2022 - 12:00 a.m.

CVE-2022-37109

2022-11-1400:00:00
mitre
www.cve.org
cve-2022-37109
patrickfuller
incorrect access control
password.txt
staticfilehandler
tornado
403 error
password hash
authentication cookie

AI Score

9.9

Confidence

High

EPSS

0.019

Percentile

88.7%

JSON

patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when password.txt is accessed can be bypassed. Furthermore, it is not necessary to crack the password hash to authenticate with the application because the password hash is also used as the cookie secret, so an attacker can generate his own authentication cookie.

Related

packetstorm 1
zdt 1
prion 1
nvd 1
osv 1
exploitdb 1
cve 1
packetstorm
packetstorm
Raspberry Pi Camera Server 1.0 Authentication Bypass
2023-03-27 00:00:00
zdt
zdt
Raspberry Pi Camera Server 1.0 Authentication Bypass Vulnerability
2023-03-27 00:00:00
prion
prion
Improper access control
2022-11-14 21:15:00
nvd
nvd
CVE-2022-37109
2022-11-14 21:15:13
osv
osv
CVE-2022-37109
2022-11-14 21:15:13
exploitdb
exploitdb
"camp" Raspberry Pi camera server 1.0 - Authentication Bypass
2023-03-25 00:00:00
cve
cve
CVE-2022-37109
2022-11-14 21:15:13

AI Score

9.9

Confidence

High

EPSS

0.019

Percentile

88.7%

JSON
Related for CVELIST:CVE-2022-37109
packetstorm1zdt1prion1nvd1osv1exploitdb1cve1