Lucene search

[email protected]NVD:CVE-2022-27632

HistoryMay 18, 2022 - 3:15 p.m.

CVE-2022-27632

2022-05-1815:15:10

CWE-352

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

38.6%

JSON

Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operations by having a user to view a specially crafted page.

Affected configurations

NVD

Node

meikyowatch_boot_nino_rpc-m2c_firmwareMatch-

AND

meikyowatch_boot_nino_rpc-m2cMatch-

Node

meikyowatch_boot_light_rpc-m5c_firmwareMatch-

AND

meikyowatch_boot_light_rpc-m5cMatch-

Node

meikyowatch_boot_l-zero_rpc-m4l_firmwareMatch-

AND

meikyowatch_boot_l-zero_rpc-m4lMatch-

Node

meikyowatch_boot_mini_rpc-m4h_firmwareMatch-

AND

meikyowatch_boot_mini_rpc-m4hMatch-

Node

meikyowatch_boot_nino_rpc-m2cs_firmwareRange1.00a–1.00d

AND

meikyowatch_boot_nino_rpc-m2csMatch-

Node

meikyowatch_boot_light_rpc-m5cs_firmwareRange1.00a–1.00d

AND

meikyowatch_boot_light_rpc-m5csMatch-

Node

meikyowatch_boot_l-zero_rpc-m4ls_firmwareRange1.00a–1.20a

AND

meikyowatch_boot_l-zero_rpc-m4lsMatch-

Node

meikyosignage_rebooter_rpc-m4hsi_firmwareMatch1.00a

AND

meikyosignage_rebooter_rpc-m4hsiMatch-

Node

meikyopoe_boot_nino_poe8m2_firmwareRange1.00a–1.20a

AND

meikyopoe_boot_nino_poe8m2Match-

Node

meikyotime_boot_mini_rsc-mt4h_firmwareMatch-

AND

meikyotime_boot_mini_rsc-mt4hMatch-

Node

meikyotime_boot_rsc-mt8f_firmwareMatch-

AND

meikyotime_boot_rsc-mt8fMatch-

Node

meikyotime_boot_rsc-mt8fp_firmwareMatch-

AND

meikyotime_boot_rsc-mt8fpMatch-

Node

meikyotime_boot_mini_rsc-mt4hs_firmwareRange1.00a–1.10a

AND

meikyotime_boot_mini_rsc-mt4hsMatch-

Node

meikyotime_boot_rsc-mt8fs_firmwareRange1.00a–1.00e

AND

meikyotime_boot_rsc-mt8fsMatch-

Node

meikyopose_se10-8a7b1_firmwareRange1.00a–1.20a

meikyopose_se10-8a7b1_firmwareMatch-

AND

meikyopose_se10-8a7b1Match-

References

jvn.jp/en/jp/JVN58266015/index.html

www.meikyo.co.jp/vln/

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

38.6%

JSON

Related for NVD:CVE-2022-27632

cve1 cvelist1 prion1 jvn1