Lucene search

[email protected]NVD:CVE-2022-45599

HistoryFeb 22, 2023 - 10:15 p.m.

CVE-2022-45599

2023-02-2222:15:11

CWE-522

[email protected]

web.nvd.nist.gov

aztech wmb250ac

mesh routers

firmware

php type juggling

/var/www/login.php

escalated privileges

hashed password

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.003

Percentile

69.2%

JSON

Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /var/www/login.php, allows attackers to gain escalated privileges only when specific conditions regarding a given accounts hashed password.

Affected configurations

Nvd

Node

aztechwmb250acMatch-

AND

aztechwmb250ac_firmwareMatch016_2020

VendorProductVersionCPE
aztechwmb250ac-cpe:2.3:h:aztech:wmb250ac:-:*:*:*:*:*:*:*
aztechwmb250ac_firmware016_2020cpe:2.3:o:aztech:wmb250ac_firmware:016_2020:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
aztech	wmb250ac	-	cpe:2.3:h:aztech:wmb250ac:-:::::::*
aztech	wmb250ac_firmware	016_2020	cpe:2.3:o:aztech:wmb250ac_firmware:016_2020:::::::*

References

github.com/ethancunt/CVE-2022-45599

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.003

Percentile

69.2%

JSON

Related for NVD:CVE-2022-45599

prion1 cvelist1 cve1