CVE-2022-28113

Name of the Vulnerable Software and Affected Versions FANTEC GmbH MWiD25-DS Firmware version 2.000.030

Description The issue allows attackers to write files and reset user passwords without having a valid session cookie. This is due to a problem in the upload.csp of the firmware.

Recommendations For FANTEC GmbH MWiD25-DS Firmware version 2.000.030, consider restricting access to the upload.csp until a patch is available. As a temporary workaround, avoid using the firmware's file upload functionality and password reset features until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.