173 matches found
CVE-2022-36158
Contec FXA3200 (and FLEXLAN FX3000/FX2000 series) versions 1.13.00 and earlier are affected by CVE-2022-36158 due to Insecure Permissions in the Wireless LAN Manager interface, enabling execution of Linux commands with root privileges via a hidden web page (/usr/www/ja/mnt_cmd.cgi). Impact is hig...
CVE-2022-36158
Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page /usr/www/ja/mntcmd.cgi...
PT-2022-23237 · Contec · Contec Fxa3200
Name of the Vulnerable Software and Affected Versions: Contec FXA3200 versions 1.13 and under Description: The issue concerns a hard-coded hash password for the root user stored in the /etc/shadow component. This password is weak and can be cracked in a few minutes. Once the password is obtained,...
PT-2022-23236 · Contec · Contec Fxa3200
Name of the Vulnerable Software and Affected Versions: Contec FXA3200 versions 1.13.00 and under Description: The issue allows malicious actors to execute Linux commands with root privilege via a hidden web page /usr/www/ja/mnt cmd.cgi in the Wireless LAN Manager interface due to Insecure...
CVE-2022-38453 Contec Health CMS8000
Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debuginfo' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities...
CVE-2022-38453 Contec Health CMS8000
Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debuginfo' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities...
CVE-2022-3027 Contec Health CMS8000
The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write...
CVE-2022-38069 Contec Health CMS8000
Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device...
CVE-2022-38069 Contec Health CMS8000
Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device...
CVE-2022-38100 Contec Health CMS8000
The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request that will cause the entire device to crash and require a physical reboot. A UDP broadcast request could be sent...
CVE-2022-38100 Contec Health CMS8000
The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request that will cause the entire device to crash and require a physical reboot. A UDP broadcast request could be sent...
CVE-2022-36385 Contec Health CMS8000
A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a...
CVE-2022-36385 Contec Health CMS8000
A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a...
Multiple vulnerabilities in Contec FLEXLAN FX3000 and FX2000 series
Overview FLEXLAN FX3000 and FX2000 series provided by Contec Co., Ltd. contain multiple vulnerabilities listed below. Hidden Functionality CWE-912 - CVE-2022-36158 Use of Hard-coded Credentials CWE-798 - CVE-2022-36159 Thomas J. Knudsen and Samy Younsi of Necrum Security Labs reported these...
Contec Health CMS8000 Patient Monitor (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Contec Health Equipment: CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor Vulnerabilities: Improper Access Control, Uncontrolled Resource Consumption, Use of Hard-Coded Credentials, Active Debug Code 2. RISK EVALUATION...
Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor 安全漏洞
The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor is a vital signs patient monitor from Contec Health. A security vulnerability exists in the Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor that stems from multiple binary application files on the CMS8000 device...
Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor 安全漏洞
The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor is a vital signs patient monitor from Contec Japan. The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor suffers from a security vulnerability that stems from a failure of the CMS800 device when attempting to par...
Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor 访问控制错误漏洞
The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor is a vital signs patient monitor from Contec Health. The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor has an access control error vulnerability that stems from its inability to properly control or clean the...
Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor 访问控制错误漏洞
The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor is a vital signs patient monitor from Contec Health. The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor suffers from an Access Control Error vulnerability that originates from a threat actor with transient acce...
Contec FLEXLAN FX3000和FX2000 信任管理问题漏洞
The Contec FLEXLAN FX3000 and Contec FLEXLAN FX2000 are both wireless LAN access points from Contec Japan. A security vulnerability exists in the Contec FLEXLAN FX3000 version prior to 1.16.00 and the FX2000 version prior to 1.39.00. An attacker could exploit the vulnerability to access product...