cve/2022/CVE-2022-1040.md

### [CVE-2022-1040](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1040)
![](https://img.shields.io/static/v1?label=Product&message=Sophos%20Firewall&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%2018.5%20MR3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.

### POC

#### Reference
- http://packetstormsecurity.com/files/168046/Sophos-XG115w-Firewall-17.0.10-MR-10-Authentication-Bypass.html
- https://www.exploit-db.com/exploits/51006

#### Github
- https://github.com/APTIRAN/CVE-2022-1040
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Awrrays/FrameVul
- https://github.com/Cyb3rEnthusiast/CVE-2022-1040
- https://github.com/H4lo/awesome-IoT-security-article
- https://github.com/Keith-amateur/cve-2022-1040
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/SYRTI/POC_to_review
- https://github.com/Seatwe/CVE-2022-1040-rce
- https://github.com/WhooAmii/POC_to_review
- https://github.com/XmasSnowISBACK/CVE-2022-1040
- https://github.com/cve-hunter/CVE-2022-1040-RCE
- https://github.com/cve-hunter/CVE-2022-1040-sophos-rce
- https://github.com/fardeen-ahmed/Bug-bounty-Writeups
- https://github.com/jackson5sec/CVE-2022-1040
- https://github.com/jam620/Sophos-Vulnerability
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/karimhabush/cyberowl
- https://github.com/killvxk/CVE-2022-1040
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/manas3c/CVE-POC
- https://github.com/michealadams30/CVE-2022-1040
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/trhacknon/Pocingit
- https://github.com/whoforget/CVE-POC
- https://github.com/xMr110/CVE-2022-1040
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-1040](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1040)`
			`![](https://img.shields.io/static/v1?label=Product&message=Sophos%20Firewall&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%2018.5%20MR3%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/168046/Sophos-XG115w-Firewall-17.0.10-MR-10-Authentication-Bypass.html`
			`- https://www.exploit-db.com/exploits/51006`

			`#### Github`
			`- https://github.com/APTIRAN/CVE-2022-1040`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/ARPSyndicate/kenzer-templates`
			`- https://github.com/Awrrays/FrameVul`
			`- https://github.com/Cyb3rEnthusiast/CVE-2022-1040`
			`- https://github.com/H4lo/awesome-IoT-security-article`
			`- https://github.com/Keith-amateur/cve-2022-1040`
			`- https://github.com/Mr-xn/Penetration_Testing_POC`
			`- https://github.com/NaInSec/CVE-PoC-in-GitHub`
			`- https://github.com/Ostorlab/KEV`
			`- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors`
			`- https://github.com/SYRTI/POC_to_review`
			`- https://github.com/Seatwe/CVE-2022-1040-rce`
			`- https://github.com/WhooAmii/POC_to_review`
			`- https://github.com/XmasSnowISBACK/CVE-2022-1040`
			`- https://github.com/cve-hunter/CVE-2022-1040-RCE`
			`- https://github.com/cve-hunter/CVE-2022-1040-sophos-rce`
			`- https://github.com/fardeen-ahmed/Bug-bounty-Writeups`
			`- https://github.com/jackson5sec/CVE-2022-1040`
			`- https://github.com/jam620/Sophos-Vulnerability`
			`- https://github.com/k0mi-tg/CVE-POC`
			`- https://github.com/karimhabush/cyberowl`
			`- https://github.com/killvxk/CVE-2022-1040`
			`- https://github.com/lions2012/Penetration_Testing_POC`
			`- https://github.com/manas3c/CVE-POC`
			`- https://github.com/michealadams30/CVE-2022-1040`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/trhacknon/Pocingit`
			`- https://github.com/whoforget/CVE-POC`
			`- https://github.com/xMr110/CVE-2022-1040`
			`- https://github.com/xuetusummer/Penetration_Testing_POC`
			`- https://github.com/youwizard/CVE-POC`
			`- https://github.com/zecool/cve`