PT-2022-23236 · Contec · Contec Fxa3200

Samy Younsi +1 · Published 2022-09-15 · Updated 2023-08-08 · CVE-2022-36158

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Contec FXA3200 versions 1.13.00 and under

Description

The issue allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt cmd.cgi) in the Wireless LAN Manager interface due to Insecure Permissions. This enables attackers to gain elevated access.

Recommendations

For Contec FXA3200 versions 1.13.00 and under, as a temporary workaround, consider restricting access to the hidden web page (/usr/www/ja/mnt cmd.cgi) until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2022-36158

Affected Products

Contec Fxa3200