PT-2022-26872 · Ip Com · Ip-Com Ew9
Published 2022-10-27 · Updated 2022-10-31 · CVE-2022-43364
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
IP-COM EW9 version 15.11.0.14(9732)
Description
An access control flaw in the password reset page allows unauthenticated attackers to change the admin password arbitrarily.
Recommendations
For IP-COM EW9 version 15.11.0.14(9732), consider restricting access to the password reset page until a fix is available. As a temporary workaround, monitor admin password changes closely and reset the password regularly to minimize potential damage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Ip-Com Ew9