CVE-2022-23768 - OpenCVE

This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Neoinfosys	Nis-hap11ac Nis-hap11ac Firmware

Configuration 1 [-]

AND

cpe:2.3:o:neoinfosys:nis-hap11ac_firmware:3.0:b20201117095902:*:*:*:*:*:*

cpe:2.3:h:neoinfosys:nis-hap11ac:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66928

History

No history.

MITRE

Status: PUBLISHED

Assigner: krcert

Published: 2022-09-19T19:48:57

Updated: 2024-08-03T03:51:45.956Z

Reserved: 2022-01-19T00:00:00

Link: CVE-2022-23768

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-19T20:15:12.317

Modified: 2022-09-21T17:02:44.120

Link: CVE-2022-23768

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["Windows, Android and etc."], "product": "Home AP NIS-HAP11AC", "vendor": "Neo Information Systems Co., Ltd", "versions": [{"status": "affected", "version": "V3.0-B20201117095902"}]}], "descriptions": [{"lang": "en", "value": "This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-19T19:48:56", "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66928"}], "source": {"discovery": "UNKNOWN"}, "title": "Neo Information Sys. NIS-HAP11AC remote access and manipulation vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2022-23768", "STATE": "PUBLIC", "TITLE": "Neo Information Sys. NIS-HAP11AC remote access and manipulation vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Home AP NIS-HAP11AC", "version": {"version_data": [{"platform": "Windows, Android and etc.", "version_affected": "=", "version_value": "V3.0-B20201117095902"}]}}]}, "vendor_name": "Neo Information Systems Co., Ltd"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66928", "refsource": "MISC", "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66928"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:51:45.956Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66928"}]}]}, "cveMetadata": {"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "assignerShortName": "krcert", "cveId": "CVE-2022-23768", "datePublished": "2022-09-19T19:48:57", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:45.956Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:neoinfosys:nis-hap11ac_firmware:3.0:b20201117095902:*:*:*:*:*:*", "matchCriteriaId": "0AF64FEB-6494-42B1-BE64-E262C163568A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:neoinfosys:nis-hap11ac:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFBB01E2-EC7C-4727-9509-A727149B7B29", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device."}, {"lang": "es", "value": "Esta vulnerabilidad en NIS-HAP11AC est\u00e1 causada por un puerto externo expuesto para el servicio telnet. Los atacantes remotos usan esta vulnerabilidad para inducir todos los ataques como el secuestro del c\u00f3digo fuente, el control remoto del dispositivo"}], "id": "CVE-2022-23768", "lastModified": "2022-09-21T17:02:44.120", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "vuln@krcert.or.kr", "type": "Secondary"}]}, "published": "2022-09-19T20:15:12.317", "references": [{"source": "vuln@krcert.or.kr", "tags": ["Third Party Advisory"], "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66928"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "vuln@krcert.or.kr", "type": "Secondary"}]}