Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-38625

Опубликовано: 29 авг. 2022
Источник: nvd
CVSS3: 8.8
EPSS Низкий

Описание

Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code. NOTE: the vendor's position is that this is a design choice, not a vulnerability

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:patlite:nbm-d88n_firmware:*:*:*:*:*:*:*:*
Версия до 1.46 (включая)
cpe:2.3:h:patlite:nbm-d88n:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:patlite:nhl-3fb1_firmware:*:*:*:*:*:*:*:*
Версия до 1.46 (включая)
cpe:2.3:h:patlite:nhl-3fb1:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:patlite:nhl-3fv1n_firmware:*:*:*:*:*:*:*:*
Версия до 1.46 (включая)
cpe:2.3:h:patlite:nhl-3fv1n:-:*:*:*:*:*:*:*

EPSS

Процентиль: 50%
0.00265
Низкий

8.8 High

CVSS3

Дефекты

CWE-345
CWE-345

Связанные уязвимости

github логотип

GHSA-89rj-8fq7-2vrc

CVSS3: 8.8
github
больше 3 лет назад

Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code.

EPSS

Процентиль: 50%
0.00265
Низкий

8.8 High

CVSS3

Дефекты

CWE-345
CWE-345