HIGH🇬🇧 English

CVE-2022-26516

CVSS 8.4v3.1pub. 2022-04-20upd. 2024-11-21

Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
  • Redlion Da50n

    HW
    Redlion
    wszystkie wersje
  • Redlion Da50n Firmware

    OS
    Redlion
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-1039CRITICAL9.6ten sam produkt

The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obta...

CVE-2022-27179MEDIUM4.6ten sam produkt

A malicious actor having access to the exported configuration file may obtain the stored credentials and there...

CVE-2020-27285CRITICAL9.1ten sam vendor

The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read a...

CVE-2020-16204CRITICAL9.8ten sam vendor

The affected product is vulnerable due to an undocumented interface found on the device, which may allow an at...

CVE-2020-16206CRITICAL9.0ten sam vendor

The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely exe...

CVE-2022-26516 — HIGH 8.4 | CVEbaza.pl