The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.
References
| Link | Resource |
|---|---|
| https://cert.vde.com/en/advisories/VDE-2022-060/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: CERTVDE
Published: 2023-02-27T14:36:20.474Z
Updated: 2023-02-27T14:36:20.474Z
Reserved: 2022-11-10T09:46:59.079Z
Link: CVE-2022-45138
NVD Information
Status: Analyzed
Published: 2023-02-27T15:15:11.317
Modified: 2023-03-07T22:54:12.070
Link: CVE-2022-45138
Redhat Information
No data.
CWE