5 matches found
CVE-2022-43364
CVE-2022-43364 affects IP-COM EW9 (firmware V15.11.0.14(9732)). An access-control flaw on the password-reset page allows unauthenticated attackers to arbitrarily change the admin password. CVSSv3.1 metrics in NVD/CVE entries: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (base score 7.5, HIGH). Attack vect...
CVE-2022-43367
CVE-2022-43367 describes a command injection vulnerability in IP-COM EW9 firmware. Affected: IP-COM EW9 version 15.11.0.14(9732). Root cause: the formSetDebugCfg function exposes a mechanism susceptible to command injection. Impact is high across confidentiality, integrity, and availability; acce...
CVE-2022-43366
CVE-2022-43366 affects IP-COM EW9, version 15.11.0.14(9732). The flaw allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces. NVD/CVE metrics assign CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (base score ...
CVE-2022-45005
CVE-2022-45005 affects IP-COM EW9 firmware v15.11.0.14(9732). The issue is a command injection in the cmd_get_ping_output function, enabling an attacker to inject commands via the affected feature. Reported impact is high (confidentiality, integrity, and availability all high) with network-expose...
CVE-2022-43365
The CVE-2022-43365 vulnerability affects IP-COM EW9 router (firmware version V15.11.0.14(9732)). A buffer overflow in the formSetDebugCfg function is described, enabling a crafted string to trigger a Denial of Service (DoS). Connected sources consistently cite the same root cause and impact witho...