CVE-2022-23768

Published Sep 19, 2022

Last updated 6 months ago

CVSS high 8.8

Overview

Description: This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device.
Source: vuln@krcert.or.kr
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

vuln@krcert.or.kr: CWE-284
nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:neoinfosys:nis-hap11ac_firmware:3.0:b20201117095902:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AF64FEB-6494-42B1-BE64-E262C163568A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:neoinfosys:nis-hap11ac:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EFBB01E2-EC7C-4727-9509-A727149B7B29"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References