Lucene search

[email protected]NVD:CVE-2022-35122

HistoryAug 17, 2022 - 9:15 p.m.

CVE-2022-35122

2022-08-1721:15:09

CWE-306

[email protected]

web.nvd.nist.gov

access control

ecowitt gw1100

weather stations

sensitive information

wifi passwords

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.005

Percentile

76.1%

JSON

An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated attackers to access sensitive information including device and local WiFi passwords.

Affected configurations

Nvd

Node

ecowittgw1100Match-

AND

ecowittgw1100_firmwareRange≤2.1.5

VendorProductVersionCPE
ecowittgw1100-cpe:2.3:h:ecowitt:gw1100:-:*:*:*:*:*:*:*
ecowittgw1100_firmware*cpe:2.3:o:ecowitt:gw1100_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ecowitt	gw1100	-	cpe:2.3:h:ecowitt:gw1100:-:::::::*
ecowitt	gw1100_firmware	*	cpe:2.3:o:ecowitt:gw1100_firmware::::::::

References

www.pizzapower.me/2022/06/30/the-incredibly-insecure-weather-station/

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.005

Percentile

76.1%

JSON

Related for NVD:CVE-2022-35122

prion1 cvelist1 cve1