Iray-a8z3 Firmware Security Vulnerabilities and Issues — Iray-a8z3 Firmware CVE List

Lucene search

InfirayIray-a8z3 Firmware

4 matches found

CVE•added 2022/07/17 11:15 p.m.•70 views

CVE-2022-31211

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default.

10CVSS9.4AI score0.00395EPSS

CVE•added 2022/07/17 11:15 p.m.•57 views

CVE-2022-31208

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter.

9CVSS8.9AI score0.00456EPSS

CVE•added 2022/07/17 11:15 p.m.•54 views

CVE-2022-31209

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand.

10CVSS9.6AI score0.0104EPSS

CVE•added 2022/07/17 11:15 p.m.•52 views

CVE-2022-31210

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts.

9.8CVSS9.3AI score0.00428EPSS