CVE-2022-50981

Summary

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

Affected Software

VendorProductVersion RangeStatus
InnomicVibroLine VLX1 HD 5.02.1.1340 <= 2.1.1387affected
InnomicVibroLine VLX1 HD 5.02.1.1866affected
InnomicVibroLine VLX2 HD 5.02.1.1340 <= 2.1.1387affected
InnomicVibroLine VLX2 HD 5.02.1.1866affected
InnomicVibroLine VLX4 HD 5.02.1.1340 <= 2.1.1387affected
InnomicVibroLine VLX4 HD 5.02.1.1866affected
InnomicVibroLine VLX6 HD 5.02.1.1340 <= 2.1.1387affected
InnomicVibroLine VLX6 HD 5.02.1.1866affected
InnomicVibroLine VLX8 HD 5.02.1.1340 <= 2.1.1387affected
InnomicVibroLine VLX8 HD 5.02.1.1866affected
avibiaAvibiaLine AVLX1 HD 5.02.1.1340 <= 2.1.1387affected
avibiaAvibiaLine AVLX1 HD 5.02.1.1866affected
avibiaAvibiaLine AVLX2 HD 5.02.1.1340 <= 2.1.1387affected
avibiaAvibiaLine AVLX2 HD 5.02.1.1866affected
avibiaAvibiaLine AVLX4 HD 5.02.1.1340 <= 2.1.1387affected
avibiaAvibiaLine AVLX4 HD 5.02.1.1866affected
avibiaAvibiaLine AVLX6 HD 5.02.1.1340 <= 2.1.1387affected
avibiaAvibiaLine AVLX6 HD 5.02.1.1866affected
avibiaAvibiaLine AVLX8 HD 5.02.1.1340 <= 2.1.1387affected
avibiaAvibiaLine AVLX8 HD 5.02.1.1866affected
InnomicVibroLine VLE1 HD 5.02.1.1340 <= 2.1.1387unaffected
InnomicVibroLine VLE2 HD 5.02.1.1340 <= 2.1.1387unaffected
InnomicVibroLine VLE4 HD 5.02.1.1340 <= 2.1.1387unaffected
InnomicVibroLine VLE6 HD 5.02.1.1340 <= 2.1.1387unaffected
InnomicVibroLine VLE8 HD 5.02.1.1340 <= 2.1.1387unaffected
avibiaAvibiaLine AVLE1 HD 5.02.1.1340 <= 2.1.1387unaffected
avibiaAvibiaLine AVLE1 HD 5.02.1.1866unaffected
avibiaAvibiaLine AVLE2 HD 5.02.1.1340 <= 2.1.1387unaffected
avibiaAvibiaLine AVLE2 HD 5.02.1.1866unaffected
avibiaAvibiaLine AVLE4 HD 5.02.1.1340 <= 2.1.1387unaffected
avibiaAvibiaLine AVLE4 HD 5.02.1.1866unaffected
avibiaAvibiaLine AVLE6 HD 5.02.1.1340 <= 2.1.1387unaffected
avibiaAvibiaLine AVLE6 HD 5.02.1.1866unaffected
avibiaAvibiaLine AVLE8 HD 5.02.1.1340 <= 2.1.1387unaffected
avibiaAvibiaLine AVLE8 HD 5.02.1.1866unaffected
InnomicVibroLine VLE1 HD 5.02.1.1866unaffected
InnomicVibroLine VLE2 HD 5.02.1.1866unaffected
InnomicVibroLine VLE4 HD 5.02.1.1866unaffected
InnomicVibroLine VLE6 HD 5.02.1.1866unaffected
InnomicVibroLine VLE8 HD 5.02.1.1866unaffected
InnomicVibroLine VLE1 HD 4.01.4.1074 <= 1.4.1116unaffected
InnomicVibroLine VLE2 HD 4.01.4.1074 <= 1.4.1116unaffected
InnomicVibroLine VLE4 HD 4.01.4.1074 <= 1.4.1116unaffected
InnomicVibroLine VLE6 HD 4.01.4.1074 <= 1.4.1116unaffected
InnomicVibroLine VLE8 HD 4.01.4.1074 <= 1.4.1116unaffected
InnomicVibroLine VLX1 HD 4.01.5.1074 <= 1.5.1116unaffected
InnomicVibroLine VLX2 HD 4.01.5.1074 <= 1.5.1116unaffected
InnomicVibroLine VLX4 HD 4.01.5.1074 <= 1.5.1116unaffected
InnomicVibroLine VLX6 HD 4.01.5.1074 <= 1.5.1116unaffected
InnomicVibroLine VLX8 HD 4.01.5.1074 <= 1.5.1116unaffected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References