Vulnerability Monitor


CVE-2022-27438


Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.


Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 8.1, indicating that it can be exploited remotely over the network and requires neither user interaction nor pre-existing privileges, but does require specific conditions to be met. The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. It affects 99 products, from caphyon, 3cx and 96 others, so organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2022, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.


Published

2022-06-06T23:15:07.920

Last Modified

2024-11-21T06:55:44.173

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

4.9

Impact Score

6.4

Weaknesses

  • Type: Primary
    CWE-494

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | caphyon | advanced_installer | < 19.4 | Yes |
| Application | 3cx | call_flow_designer | 18.2.13 | Yes |
| Application | 3cx | crm_template_generator | 2.1.23 | Yes |
| Application | boom | boomtv_streamer_portal | 2.2.1 | Yes |
| Application | codesector | direct_folders | 4.0 | Yes |
| Application | codesector | teracopy | 3.8.5 | Yes |
| Application | emeditor | emeditor | 21.3.0 | Yes |
| Application | flamory | flamory | 4.2.19.0 | Yes |
| Application | freesnippingtool | free_snipping_tool | 5.6.0.0 | Yes |
| Application | fxsound | fxsound | 1.1.12.0 | Yes |
| Application | gainedge | better_explorer | 2020.3.15.1304 | Yes |
| Application | gamecaster | gamecaster | 4.0.2109.2802 | Yes |
| Application | getmailbird | mailbird | 2.9.50.0 | Yes |
| Application | guzogo | guzogo | 1.0.5.0 | Yes |
| Application | honeygain | honeygain | 0.10.7.0 | Yes |
| Application | jki | vi_package_manager | 21.1.2754 | Yes |
| Application | jpsoft | take_command | 28.2.18 | Yes |
| Application | krylack | archive_password_recovery | 3.70.69 | Yes |
| Application | krylack | asterisks_password_decryptor | 3.31.107 | Yes |
| Application | krylack | burning_suite | 1.20.05 | Yes |
| Application | krylack | rar_password_recovery | 3.70.69 | Yes |
| Application | krylack | volume_serial_number_editor | 2.02.34 | Yes |
| Application | krylack | zip_password_recovery | 3.70.69 | Yes |
| Application | moonsoftware | password_agent | 20.10.1 | Yes |
| Application | nefarius | scptoolkit | 1.6.238.16010 | Yes |
| Application | plagiarismcheckerx | plagiarism_checker_x | 8.0.6 | Yes |
| Application | prusa3d | prusaslicer | 2.4.2 | Yes |
| Application | realdefense | mycleanid | 4.1.4 | Yes |
| Application | realdefense | mycleanpc | 4.0.2 | Yes |
| Application | realdefense | mypasslock | 1.9.6 | Yes |
| Application | rovio | angry_birds_space | 1.4.1 | Yes |
| Application | rovio | bad_piggies | 1.3.0 | Yes |
| Application | synaptics | displaylink_usb_graphics | < 10.3.6400.0 | Yes |
| Application | urban-vpn | urban_vpn | 2.2.5 | Yes |
| Application | vigem | vigembus_driver | 1.16.116 | Yes |
| Application | vpnhood | vpnhood | 2.4.299 | Yes |
| Application | vrdesktop | virtual_desktop_streamer | 1.20.16 | Yes |
| Application | xsplit | xsplit_express_video_editor | 3.0.2001.801 | Yes |
| Operating System | rstinstruments | vw0420_firmware | 1.33.0 | Yes |
| Hardware | rstinstruments | vw0420 | - | No |
| Application | rstinstruments | inclinalysis_digital_inclinometer | 2.48.9 | Yes |
| Application | rstinstruments | ipi_utility | 1.05.0 | Yes |
| Operating System | rstinstruments | rstar_rtu_host | 1.33.0 | Yes |
| Operating System | rstinstruments | dt2011_firmware | 1.19.4.0 | Yes |
| Hardware | rstinstruments | dt2011 | - | No |
| Operating System | rstinstruments | dt2011b_firmware | 1.19.4.0 | Yes |
| Hardware | rstinstruments | dt2011b | - | No |
| Operating System | rstinstruments | dt2040_firmware | 1.19.4.0 | Yes |
| Hardware | rstinstruments | dt2040 | - | No |
| Operating System | rstinstruments | dt2050_firmware | 1.19.4.0 | Yes |
| Hardware | rstinstruments | dt2050 | - | No |
| Operating System | rstinstruments | dt2050b_firmware | 1.19.4.0 | Yes |
| Hardware | rstinstruments | dt2050b | - | No |
| Operating System | rstinstruments | dt2055b_firmware | 1.19.4.0 | Yes |
| Hardware | rstinstruments | dt2055b | - | No |
| Operating System | rstinstruments | dt2306_firmware | 1.19.4.0 | Yes |
| Hardware | rstinstruments | dt2306 | - | No |
| Operating System | rstinstruments | dt2350_firmware | 1.19.4.0 | Yes |
| Hardware | rstinstruments | dt2350 | - | No |
| Operating System | rstinstruments | dt2485_firmware | 1.19.4.0 | Yes |
| Hardware | rstinstruments | dt2485 | - | No |
| Operating System | rstinstruments | dt4205_firmware | 1.19.4.0 | Yes |
| Hardware | rstinstruments | dt4205 | - | No |
| Operating System | rstinstruments | dtsaa_firmware | 1.19.4.0 | Yes |
| Hardware | rstinstruments | dtsaa | - | No |
| Operating System | rstinstruments | ic6560_firmware | 1.19.4.0 | Yes |
| Hardware | rstinstruments | ic6560 | - | No |
| Operating System | rstinstruments | ic6660_firmware | 1.19.4.0 | Yes |
| Hardware | rstinstruments | ic6660 | - | No |
| Operating System | rstinstruments | dtl201b\/2b_firmware | 1.19.4.0 | Yes |
| Hardware | rstinstruments | dtl201b\/2b | - | No |
| Operating System | rstinstruments | mtcm_firmware | 1.19.4.0 | Yes |
| Hardware | rstinstruments | mtcm | - | No |
| Operating System | rstinstruments | gaa2820_firmware | 1.19.4.0 | Yes |
| Hardware | rstinstruments | gaa2820 | - | No |
| Operating System | rstinstruments | rtu_firmware | 1.19.4.0 | Yes |
| Hardware | rstinstruments | rtu | - | No |
| Operating System | rstinstruments | mems_tilt_meter_firmware | 1.20.1 | Yes |
| Hardware | rstinstruments | mems_tilt_meter | - | No |
| Operating System | rstinstruments | portable_tilt_meter_firmware | 1.20.1 | Yes |
| Hardware | rstinstruments | portable_tilt_meter | - | No |
| Operating System | rstinstruments | vw2106_firmware | - | Yes |
| Hardware | rstinstruments | vw2106 | - | No |
| Operating System | rstinstruments | th2016_firmware | 1.4.0.2 | Yes |
| Hardware | rstinstruments | th2016 | - | No |
| Operating System | rstinstruments | th2016b_firmware | 1.4.0.2 | Yes |
| Hardware | rstinstruments | th2016b | - | No |
| Operating System | rstinstruments | ma7_firmware | 1.4.0.2 | Yes |
| Hardware | rstinstruments | ma7 | - | No |
| Operating System | rstinstruments | qb120_firmware | 1.4.0.2 | Yes |
| Hardware | rstinstruments | qb120 | - | No |
| Operating System | rstinstruments | sg350_firmware | 1.4.0.2 | Yes |
| Hardware | rstinstruments | sg350 | - | No |
| Operating System | rstinstruments | ir420_firmware | 1.4.0.2 | Yes |
| Hardware | rstinstruments | ir420 | - | No |
| Operating System | rstinstruments | lp100_firmware | 1.4.0.2 | Yes |
| Hardware | rstinstruments | lp100 | - | No |
| Operating System | rstinstruments | c109_firmware | 1.4.0.2 | Yes |
| Hardware | rstinstruments | c109 | - | No |

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For caphyon's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.