Da50N Firmware
CVE-2022-27179
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised.
AnalysisAI
A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Insufficiently Protected Credentials (CWE-522), which allows attackers to obtain user credentials due to weak protection mechanisms. A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised. Affected products include: Redlion Da50N Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Hash passwords with strong algorithms (bcrypt, argon2), encrypt credentials in transit and at rest, never log credentials.
More in Da50N Firmware
View allThe weak password on the web user interface can be exploited via HTTP or HTTPS. Rated critical severity (CVSS 9.8), this
Authorized users may install a maliciously modified package file when updating the device via the web user interface. Ra
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today