PT-2022-24489 · Patlite · Patlite Nh-Fb

Published: 2022-08-29 · Updated: 2024-08-03 · CVE-2022-38625

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Patlite NH-FB versions 1.46 and below

Description

The issue is caused by insufficient firmware validation during the firmware upgrade file upload process. This allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code. The vendor considers this a design choice rather than a vulnerability.

Recommendations

For Patlite NH-FB versions 1.46 and below, as a temporary workaround, consider restricting access to the firmware upgrade process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

CVE-2022-38625

Affected Products

Patlite Nh-Fb