6Gk6108 4Am00 2Ba2 Firmware
CVE-2022-31765
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.
AnalysisAI
Affected devices do not properly authorize the change password function of the web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Technical ContextAI
This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. Affected products include: Siemens 6Gk6108-4Am00-2Ba2 Firmware, Siemens 6Gk6108-4Am00-2Da2 Firmware, Siemens 6Gk5804-0Ap00-2Aa2 Firmware, Siemens 6Gk5812-1Aa00-2Aa2 Firmware, Siemens 6Gk5812-1Ba00-2Aa2 Firmware.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.
More in 6Gk6108 4Am00 2Ba2 Firmware
View allThe gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS sig
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDC
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today