CVE-2022-35582

Name of the Vulnerable Software and Affected Versions Penta Security Systems Inc WAPPLES versions 4.0.* through 5.0.12.*

Description The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device and therefore are considered an undocumented possibility for remote control.

Recommendations For versions 4.0.* through 5.0.12.*, consider changing the predefined password of the penta user to prevent unauthorized access. As a temporary workaround, restrict access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.