Sitemanager 1129 Firmware
CVE-2022-38124
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.
AnalysisAI
Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-267. Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner. Affected products include: Secomea Sitemanager 1129 Firmware, Secomea Sitemanager 3329 Firmware, Secomea Sitemanager 1529 Firmware, Secomea Sitemanager 3529 Firmware, Secomea Sitemanager 1139 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Sitemanager 1129 Firmware
View allStack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code executio
Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. Rated medi
Same weakness CWE-267 – Privilege Defined With Unsafe Actions
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today