CVE-2022-47618 - OpenCVE

Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in administrator page, to manipulate system or disrupt service.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Meritlilin	Ah55b08 Ah55b04 Firmware Ah55b04 Ah55b08 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:meritlilin:ah55b08_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:meritlilin:ah55b08:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:meritlilin:ah55b04_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:meritlilin:ah55b04:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.twcert.org.tw/tw/cp-132-6825-6691e-1.html	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: twcert

Published: 2023-01-03T00:00:00

Updated: 2023-01-03T00:00:00

Reserved: 2022-12-20T00:00:00

Link: CVE-2022-47618

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-01-03T03:15:10.910

Modified: 2023-01-10T16:52:19.820

Link: CVE-2022-47618

JSON object: View

Redhat Information

No data.

CWE

CWE-798

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:ah55b08_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AA6396B9-AC46-40D8-A42B-922A41D41B9F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:ah55b08:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FC34E0B-3AA9-4F78-AA6E-1045CFD22FA2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:ah55b04_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "ECA4E6AC-B883-47DF-B6E7-A0EF095E9ED8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:ah55b04:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FE0F441-346E-485C-8FC2-D19AB9F45CED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in administrator page, to manipulate system or disrupt service."}], "id": "CVE-2022-47618", "lastModified": "2023-01-10T16:52:19.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2023-01-03T03:15:10.910", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.twcert.org.tw/tw/cp-132-6825-6691e-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}