CVE-2022-31807

Name of the Vulnerable Software and Affected Versions SiPass integrated AC5102 (ACC-G2) (All versions) SiPass integrated ACC-AP (All versions)

Description A vulnerability has been identified where affected devices do not properly check the integrity of firmware updates. This could allow a local attacker to upload a maliciously modified firmware onto the device. In another scenario, a remote attacker who is able to intercept the transfer of a valid firmware from the server to the device could modify the firmware "on the fly".

Recommendations For SiPass integrated AC5102 (ACC-G2), ensure the integrity of firmware updates by implementing secure transfer protocols until a patch is available. For SiPass integrated ACC-AP, consider restricting access to firmware updates to minimize the risk of exploitation until a fix is provided. As a temporary workaround, consider disabling the ability to upload firmware updates directly to the devices until a secure update mechanism is implemented.