Lucene search

[email protected]NVD:CVE-2022-45600

HistoryFeb 22, 2023 - 10:15 p.m.

CVE-2022-45600

2023-02-2222:15:11

CWE-77

[email protected]

web.nvd.nist.gov

aztech

wmb250ac

mesh routers

firmware

vulnerability

authentication

remote attack

arbitrary commands

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.004

Percentile

73.7%

JSON

Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.

Affected configurations

Nvd

Node

aztechwmb250ac_firmwareMatch016_2020

AND

aztechwmb250acMatch-

VendorProductVersionCPE
aztechwmb250ac_firmware016_2020cpe:2.3:o:aztech:wmb250ac_firmware:016_2020:*:*:*:*:*:*:*
aztechwmb250ac-cpe:2.3:h:aztech:wmb250ac:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
aztech	wmb250ac_firmware	016_2020	cpe:2.3:o:aztech:wmb250ac_firmware:016_2020:::::::*
aztech	wmb250ac	-	cpe:2.3:h:aztech:wmb250ac:-:::::::*

References

github.com/ethancunt/CVE-2022-45600

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.004

Percentile

73.7%

JSON

Related for NVD:CVE-2022-45600

prion1 githubexploit1 cve1 cvelist1