CVE-2022-3203
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ORing | IAP-420(+) | FW 2.0m | affected |
Weaknesses
- CWE-912: CWE-912 Hidden Functionality
Workarounds
After every reboot telnet to the device and terminate the telnetd process (at least)
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.