PT-2022-23500 · Canaan · Canaan Avalon Asic Miner
James A. Chambers
·
Published
2022-09-01
·
Updated
2022-09-08
·
CVE-2022-36604
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Canaan Avalon ASIC Miner versions 2020.3.30 and below
Description
The issue is related to an access control problem, allowing unauthenticated attackers to change user passwords using a crafted POST request.
Recommendations
For Canaan Avalon ASIC Miner versions 2020.3.30 and below, update to a version above 2020.3.30 to resolve the issue.
Exploit
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Canaan Avalon Asic Miner