Lucene search

[email protected]NVD:CVE-2022-3203

HistoryOct 21, 2022 - 1:15 p.m.

CVE-2022-3203

2022-10-2113:15:09

CWE-912

[email protected]

web.nvd.nist.gov

cve-2022-3203

telnet server

hardcoded credentials

default credentials

oring net

iap-420+

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

68.8%

JSON

On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot.

Affected configurations

Nvd

Node

oringnetiap-420\+_firmwareMatch2.0m

AND

oringnetiap-420\+Match-

Node

oringnetiap-420_firmwareMatch2.0m

AND

oringnetiap-420Match-

VendorProductVersionCPE
oringnetiap-420\+_firmware2.0mcpe:2.3:o:oringnet:iap-420\+_firmware:2.0m:*:*:*:*:*:*:*
oringnetiap-420\+-cpe:2.3:h:oringnet:iap-420\+:-:*:*:*:*:*:*:*
oringnetiap-420_firmware2.0mcpe:2.3:o:oringnet:iap-420_firmware:2.0m:*:*:*:*:*:*:*
oringnetiap-420-cpe:2.3:h:oringnet:iap-420:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oringnet	iap-420\+_firmware	2.0m	cpe:2.3:o:oringnet:iap-420\+_firmware:2.0m:::::::*
oringnet	iap-420\+	-	cpe:2.3:h:oringnet:iap-420\+:-:::::::*
oringnet	iap-420_firmware	2.0m	cpe:2.3:o:oringnet:iap-420_firmware:2.0m:::::::*
oringnet	iap-420	-	cpe:2.3:h:oringnet:iap-420:-:::::::*

References

mads.uniud.it/2022/09/lord-of-the-orings/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

68.8%

JSON

Related for NVD:CVE-2022-3203

cvelist1 prion1 cve1