Lucene search

TwcertCVE-2022-46308

HistoryJun 02, 2023 - 11:15 a.m.

CVE-2022-46308

2023-06-0211:15:09

CWE-863

twcert

web.nvd.nist.gov

cve-2022-46308

sguda u-lock

authorization vulnerability

user management

remote attacker

privileged apis

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

48.9%

JSON

SGUDA U-Lock central lock control service’s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information.

Affected configurations

Nvd

Node

sgudau-lock_firmwareMatch-

AND

sgudau-lockMatch-

VendorProductVersionCPE
sgudau-lock_firmware-cpe:2.3:o:sguda:u-lock_firmware:-:*:*:*:*:*:*:*
sgudau-lock-cpe:2.3:h:sguda:u-lock:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sguda	u-lock_firmware	-	cpe:2.3:o:sguda:u-lock_firmware:-:::::::*
sguda	u-lock	-	cpe:2.3:h:sguda:u-lock:-:::::::*

CNA Affected

[
  {
    "vendor": "SGUDA",
    "product": "U-Lock",
    "versions": [
      {
        "version": "0",
        "status": "unknown"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-7100-7a15c-1.html

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

48.9%

JSON

Related for CVE-2022-46308