exploitDog

CVE-2022-35122

Опубликовано: 17 авг. 2022

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated attackers to access sensitive information including device and local WiFi passwords.

Ссылки

https://www.pizzapower.me/2022/06/30/the-incredibly-insecure-weather-station/
Exploit
Third Party Advisory
https://www.pizzapower.me/2022/06/30/the-incredibly-insecure-weather-station/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ecowitt:gw1100_firmware:*:*:*:*:*:*:*:*

Версия до 2.1.5 (включая)

cpe:2.3:h:ecowitt:gw1100:-:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01602

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-306

Связанные уязвимости

GHSA-9hm3-qw9q-h8gf

CVSS3: 9.1

github

больше 3 лет назад

An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated attackers to access sensitive information including device and local WiFi passwords.

EPSS

Процентиль: 81%

0.01602

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-306