{
"id" : "CVE-2022-36158" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2022-09-26T11:15:09.483" ,
"lastModified" : "2024-11-21T07:12:30.887" ,
"vulnStatus" : "Modified" ,
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi)."
} ,
{
"lang" : "es" ,
"value" : "Contec FXA3200 versiones 1.13.00 y anteriores, sufre de permisos no seguros en la interfaz del Wireless LAN Manager, lo que permite a actores maliciosos ejecutar comandos de Linux con privilegios de root por medio de una p\u00e1gina web oculta (/usr/www/ja/mnt_cmd.cgi).\n"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" ,
"baseScore" : 8.0 ,
"baseSeverity" : "HIGH" ,
"attackVector" : "ADJACENT_NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH"
} ,
"exploitabilityScore" : 2.1 ,
"impactScore" : 5.9
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-425"
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:contec:fxa3000_firmware:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "1.13.00" ,
"matchCriteriaId" : "6E67687B-F390-444A-8E80-250763681261"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:contec:fxa3000:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9AB86C4B-366E-4560-94A9-9821C2CCC5C2"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:contec:fxa3020_firmware:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "1.13.00" ,
"matchCriteriaId" : "2BBBCFC0-97C2-4777-B49D-D010E8094774"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:contec:fxa3020:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8ECA2469-3831-4AF5-B3C8-A5958AF2900C"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:contec:fxa3200_firmware:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "1.13.00" ,
"matchCriteriaId" : "E38C56EE-4B13-4ADC-BCD4-D7FD4F077ED5"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:contec:fxa3200:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "20886C6B-D3B4-438D-BBAF-F80AEE3B8762"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:contec:fxa2000_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "1.39.00" ,
"matchCriteriaId" : "DA3E66D5-3D23-49C9-8920-7D96ACEFA96F"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:contec:fxa2000:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B4A09AF9-472E-4FC0-A490-EF21EB37D47C"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://gist.github.com/Nwqda/aac33d1936d2b514a3268f145345abb4" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Broken Link" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://jvn.jp/en/vu/JVNVU98305100/" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://samy.link/blog/contec-flexlan-fxa2000-and-fxa3000-series-vulnerability-repo" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Exploit" ,
"Mitigation" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://www.contec.com/products-services/computer-networking/flexlan-fx/fx-accesspoint/fxa3200/feature/#section" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Product"
]
} ,
{
"url" : "https://gist.github.com/Nwqda/aac33d1936d2b514a3268f145345abb4" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Broken Link" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://jvn.jp/en/vu/JVNVU98305100/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://samy.link/blog/contec-flexlan-fxa2000-and-fxa3000-series-vulnerability-repo" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Exploit" ,
"Mitigation" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://www.contec.com/products-services/computer-networking/flexlan-fx/fx-accesspoint/fxa3200/feature/#section" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Product"
]
}
]
}