Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-27179

A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised.

Published

2022-04-20T16:15:08.660

Last Modified

2024-11-21T06:55:21.277

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.6 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-522

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	redlion	da50n_firmware	-	Yes
Hardware	redlion	da50n	-	No

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-03 Mitigation, Third Party Advisory, US Government Resource ([email protected])
https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-03 Mitigation, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)