Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-1039

The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the SSH service does not support root login, a user logging in using either of the other Linux accounts may elevate to root access using the su command if they have access to the associated password.

Published

2022-04-20T16:15:08.360

Last Modified

2024-11-21T06:39:54.660

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.6 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-521
Type: Primary
CWE-521

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	redlion	da50n_firmware	*	Yes
Hardware	redlion	da50n	-	No

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-03 Third Party Advisory, US Government Resource ([email protected])
https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-03 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)