CVE-2026-22543

Summary

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials

Affected Software

VendorProductVersion RangeStatus
EFACECQC 60/90/1208affected

Weaknesses

  • CWE-261: CWE-261: Week encoding for passwords

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References