CVE-2022-28113 Information

Description

An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/code-byter/CVE-2022-28113 https://drive.google.com/file/d/1OvpNieX3pYFaZprglr5T0lV0WuLoLcLu/view?usp=sharing https://code-byter.com/2022/04/06/fantec-wifi.html https://drive.google.com/file/d/1s1AgI5Dw7_GNenmI-mw0Sx2B9MkNTbc7/view?usp=sharing

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.2