CVE-2022-31210

Name of the Vulnerable Software and Affected Versions Infiray IRAY-A8Z3 version 1.0.957

Description An issue was discovered in the binary file /usr/local/sbin/webproject/set param.cgi, which contains hardcoded credentials to the web application. These accounts are considered backdoor accounts because they cannot be deactivated or have their passwords changed. The exploitation of this issue may allow a remote attacker to elevate their privileges.

Recommendations For Infiray IRAY-A8Z3 version 1.0.957, consider disabling access to the /usr/local/sbin/webproject/set param.cgi file until a patch is available to remove the hardcoded credentials. Restrict access to the web application to minimize the risk of exploitation. Avoid using the affected accounts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.