admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 05:28:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-246xx/CVE-2022-24693.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

160 lines
4.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-24693",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-03-30T02:15:08.960",
"lastModified": "2022-04-07T16:08:03.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)"
},
{
"lang": "es",
"value": "Los dispositivos Baicells Nova436Q y Neutrino 430 con versiones de firmware hasta QRTB 2.7.8, presentan credenciales embebidas que son f\u00e1cilmente detectadas, y pueden ser usadas por atacantes remotos para autenticarse por medio de ssh. (Las credenciales son almacenadas en el firmware, encriptadas por la funci\u00f3n crypt)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:baicells:nova436q_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "qrtb_2.7.8",
"matchCriteriaId": "9A946299-1B2C-47DC-A845-7EA1357971C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:baicells:nova436q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF872E4-C1A1-4C60-B0CC-3958A99A7E6C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:baicells:neutrino_430_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "qrtb_2.7.8",
"matchCriteriaId": "D0A759BD-7BA5-442B-85DD-9CFB2FD90244"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:baicells:neutrino_430:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F525B37-6593-4534-932D-89C7D28B3C10"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/lukejenkins/CVE-2022-24693",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://img.baicells.com/Upload/20210909/FILE/98d2752f-6e83-49b1-9dab-d291e9023db6.pdf",
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://na.baicells.com/Service/Firmware",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink