CVE-2022-22988

Name of the Vulnerable Software and Affected Versions EdgeRover versions prior to 1.5.1-594

Description The issue is related to insufficient permission assignment checks for a critical resource in the EdgeRover application, which can be exploited by a remote attacker to elevate privileges or cause a denial of service. The vulnerability can only be exploited once an attacker has already gained authenticated access to the device. It is associated with incorrect handling of file and directory permissions, allowing an attacker to traverse through files and directories. The estimated severity of this issue is high, and it has been identified as a critical vulnerability.

Recommendations For EdgeRover versions prior to 1.5.1-594, update to version 1.5.1-594 or newer to resolve the issue. As a temporary workaround, consider restricting access to the EdgeRover application until the update is applied. Additionally, using the default file manager provided with the operating system can help mitigate the risk of exploitation.