2 matches found
CVE-2022-36159
The CVE-2022-36159 issue affects Contec FXA3200 firmware version 1.13 and earlier, where a hard-coded root password stored in /etc/shadow is weak and crackable. An attacker with adjacent access could use this credential to reach the Wireless LAN Manager interface, enable Telnet, sniff traffic, or...
CVE-2022-36158
Contec FXA3200 (and FLEXLAN FX3000/FX2000 series) versions 1.13.00 and earlier are affected by CVE-2022-36158 due to Insecure Permissions in the Wireless LAN Manager interface, enabling execution of Linux commands with root privileges via a hidden web page (/usr/www/ja/mnt_cmd.cgi). Impact is hig...