CVE-2022-31395 - OpenCVE

Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware 1.7.6 allows attackers to perform a directory traversal via a web request sent to /fm-data.lua.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Algosolutions	8373 Ip Zone Paging Adapter 8373 Ip Zone Paging Adapter Firmware

Configuration 1 [-]

AND

cpe:2.3:o:algosolutions:8373_ip_zone_paging_adapter_firmware:1.7.6:*:*:*:*:*:*:*

cpe:2.3:h:algosolutions:8373_ip_zone_paging_adapter:-:*:*:*:*:*:*:*

References

Link	Resource
https://n0ur5sec.medium.com/achievement-unlocked-cve-2022-31395-33299f32cc00	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-06-22T13:34:40

Updated: 2022-06-22T13:34:40

Reserved: 2022-05-23T00:00:00

Link: CVE-2022-31395

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-06-23T17:15:13.163

Modified: 2022-06-30T18:14:18.603

Link: CVE-2022-31395

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:algosolutions:8373_ip_zone_paging_adapter_firmware:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BBBF85D7-3050-4FD4-A241-70982579E9CE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:algosolutions:8373_ip_zone_paging_adapter:-:*:*:*:*:*:*:*", "matchCriteriaId": "61FFD923-DF4A-4FAD-B4FA-F41DB754CBA9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware 1.7.6 allows attackers to perform a directory traversal via a web request sent to /fm-data.lua."}, {"lang": "es", "value": "Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware versi\u00f3n 1.7.6, permite a atacantes realizar un salto de directorio por medio de una solicitud web enviada al archivo /fm-data.lua"}], "id": "CVE-2022-31395", "lastModified": "2022-06-30T18:14:18.603", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-23T17:15:13.163", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://n0ur5sec.medium.com/achievement-unlocked-cve-2022-31395-33299f32cc00"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}