PT-2022-20215 · Chcnav · Chcnav - P5E Gnss
Metadata
Published: 2022-07-17
Updated: 2022-07-28
CVE-2022-30622
CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Software (affected versions not specified)
Description
The system allows unauthorized viewing of usernames and passwords, enabling access to the system. The issue is accessible via the "http://api/sys username passwd.cmd" API endpoint. Additionally, hard-coded credential information and a super-user password are disclosed within the JS code sent to customers in the Login.js file. The disclosed username is chcadmin and the password is chcpassword.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Chcnav - P5E Gnss
P5E Gnss Firmware