Lucene search

Ew9 Firmware Security Vulnerabilities

cve

CVE-2022-43364

An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password.

7.5CVSS

7.6AI Score

0.001EPSS

2022-10-27 06:15 PM

cve

CVE-2022-43365

IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.

7.5CVSS

7.6AI Score

0.001EPSS

2022-10-27 06:15 PM

cve

CVE-2022-43366

IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces.

7.5CVSS

7.4AI Score

0.002EPSS

2022-10-27 06:15 PM

cve

CVE-2022-43367

IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function.

9.8CVSS

9.7AI Score

0.018EPSS

2022-10-27 06:15 PM

cve

CVE-2022-45005

IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function.

9.8CVSS

9.7AI Score

0.018EPSS

2022-12-13 07:15 PM