exploitDog

CVE-2022-24660

Опубликовано: 20 июл. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext.

Ссылки

https://github.com/goldshellminer/firmware
Third Party Advisory
https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/
Exploit
Mitigation
Third Party Advisory
https://github.com/goldshellminer/firmware
Third Party Advisory
https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:goldshell:goldshell_miner_firmware:*:*:*:*:*:*:*:*

Версия до 2.2.1 (включая)

EPSS

Процентиль: 19%

0.00061

Низкий

7.5 High

CVSS3

Дефекты

CWE-312

Связанные уязвимости

GHSA-xxw8-ppw6-gv4w

CVSS3: 7.5

github

почти 3 года назад

The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext.

EPSS

Процентиль: 19%

0.00061

Низкий

7.5 High

CVSS3

Дефекты

CWE-312