Da50N Firmware
CVE-2022-26516
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment.
AnalysisAI
Authorized users may install a maliciously modified package file when updating the device via the web user interface. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-345. Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment. Affected products include: Redlion Da50N Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Da50N Firmware
View allThe weak password on the web user interface can be exploited via HTTP or HTTPS. Rated critical severity (CVSS 9.8), this
A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain ac
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today