CVE-2022-38789 - OpenCVE

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Airties	Air 4920 Air 4920 Firmware Air 4921 Air 4921 Firmware Air 4971 Air 4971 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:airties:air_4920_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:airties:air_4920:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:airties:air_4921_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:airties:air_4921:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:airties:air_4971_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:airties:air_4971:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://airties.com/airties-information-security-policy/
https://github.com/ProxyStaffy/Airties-CVE-2022-38789/blob/main/Description

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-09-15T11:56:10

Updated: 2024-08-03T11:02:14.618Z

Reserved: 2022-08-27T00:00:00

Link: CVE-2022-38789

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-15T12:15:09.617

Modified: 2022-09-20T14:20:49.407

Link: CVE-2022-38789

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-15T11:56:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://airties.com/airties-information-security-policy/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/ProxyStaffy/Airties-CVE-2022-38789/blob/main/Description"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-38789", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://airties.com/airties-information-security-policy/", "refsource": "MISC", "url": "https://airties.com/airties-information-security-policy/"}, {"name": "https://github.com/ProxyStaffy/Airties-CVE-2022-38789/blob/main/Description", "refsource": "MISC", "url": "https://github.com/ProxyStaffy/Airties-CVE-2022-38789/blob/main/Description"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T11:02:14.618Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://airties.com/airties-information-security-policy/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ProxyStaffy/Airties-CVE-2022-38789/blob/main/Description"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-38789", "datePublished": "2022-09-15T11:56:10", "dateReserved": "2022-08-27T00:00:00", "dateUpdated": "2024-08-03T11:02:14.618Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:airties:air_4920_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7500A67-4355-411F-B025-E4263DA0B95C", "versionEndExcluding": "2020-08-04", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:airties:air_4920:-:*:*:*:*:*:*:*", "matchCriteriaId": "464536CF-3B75-4708-A0A7-BF243BE7BE98", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:airties:air_4921_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFFB8EF2-CBBC-489C-ABE8-D3E2FA6E01F4", "versionEndExcluding": "2020-08-04", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:airties:air_4921:-:*:*:*:*:*:*:*", "matchCriteriaId": "E88CA2C5-D8B8-4751-88DA-F713A34E7D0E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:airties:air_4971_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "66FCB5C5-729C-492F-BF8F-290DCEDDABAB", "versionEndExcluding": "2020-08-04", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:airties:air_4971:-:*:*:*:*:*:*:*", "matchCriteriaId": "06225783-E00A-4F9F-82A5-3EDFFE31A1D5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference."}, {"lang": "es", "value": "Se ha detectado un problema en Airties Smart Wi-Fi versiones anteriores a 04-08-2020. Permite a atacantes cambiar el SSID principal/de invitados y el PSK a valores arbitrarios, y mapear la LAN, debido a una Referencia Directa de Objetos Insegura"}], "id": "CVE-2022-38789", "lastModified": "2022-09-20T14:20:49.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-15T12:15:09.617", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://airties.com/airties-information-security-policy/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/ProxyStaffy/Airties-CVE-2022-38789/blob/main/Description"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}]}