Multiple vulnerabilities in Red Lion DA50N



Published: 2022-04-19
Risk High
Patch available NO
Number of vulnerabilities 3
CVE-ID CVE-2022-26516
CVE-2022-1039
CVE-2022-27179
CWE-ID CWE-345
CWE-521
CWE-522
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
DA50N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor Red Lion Controls

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Insufficient verification of data authenticity

EUVDB-ID: #VU62370

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26516

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a remote user to compromsie the target system.

The vulnerability exists due to insufficient verification of data authenticity. A remote administrator can install a maliciously modified package file when updating the device via the web user interface.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

DA50N: All versions


CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsa-22-104-03

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Weak password requirements

EUVDB-ID: #VU62371

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1039

CWE-ID: CWE-521 - Weak Password Requirements

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform brute-force attack and guess the password.

The vulnerability exists due to weak password requirements. A remote attacker can perform a brute-force attack and guess users' passwords, leading to privilege escalation.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

DA50N: All versions


CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsa-22-104-03

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Insufficiently protected credentials

EUVDB-ID: #VU62372

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-27179

CWE-ID: CWE-522 - Insufficiently Protected Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficiently protected credentials. A remote user can obtain the stored credentials and gain access to the protected resource.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

DA50N: All versions


CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsa-22-104-03

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###