Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

751-9301 Firmware Security Vulnerabilities - 2023

cve
cve

CVE-2022-45137

The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability.

6.1CVSS

6.6AI Score

0.001EPSS

2023-02-27 03:15 PM
24
cve
cve

CVE-2022-45138

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.

9.8CVSS

6.3AI Score

0.002EPSS

2023-02-27 03:15 PM
40
cve
cve

CVE-2022-45139

A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of info...

5.3CVSS

6.6AI Score

0.002EPSS

2023-02-27 03:15 PM
26
cve
cve

CVE-2022-45140

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.

9.8CVSS

9.8AI Score

0.004EPSS

2023-02-27 03:15 PM
41