Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fxa3000_firmware
(Contec)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-09-26 | CVE-2022-36158 | Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi). | Fxa2000_firmware, Fxa3000_firmware, Fxa3020_firmware, Fxa3200_firmware | 8.0 | ||
| 2022-09-26 | CVE-2022-36159 | Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port then sniff the traffic or inject any malware. | Fxa2000_firmware, Fxa3000_firmware, Fxa3020_firmware, Fxa3200_firmware | 8.8 |