Hidden functionality in FLEXLAN FX3000 series and FLEXLAN FX2000 series - CVE-2022-36158

 


Published: September 1, 2022


Vulnerability identifier: #VU66917
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-36158
CWE-ID: CWE-912
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
FLEXLAN FX3000 series
FLEXLAN FX2000 series
Software vendor:
Contec

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists because hidden functionality (a backdoor) is present in the software. A remote user on the local network can use this functionality to gain full access to the application and execute arbitrary OS commands with administrative privileges.


Remediation

Install updates from vendor's website.
