CVE-2022-47618 - OpenCVE

Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in administrator page, to manipulate system or disrupt service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Meritlilin	Ah55b04 Ah55b04 Firmware Ah55b08 Ah55b08 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:meritlilin:ah55b08:-:*:*:*:*:*:*:*

cpe:2.3:o:meritlilin:ah55b08_firmware:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:meritlilin:ah55b04:-:*:*:*:*:*:*:*

cpe:2.3:o:meritlilin:ah55b04_firmware:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.twcert.org.tw/tw/cp-132-6825-6691e-1.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2023-01-03T00:00:00

Updated: 2024-08-03T15:02:36.410Z

Reserved: 2022-12-20T00:00:00

Link: CVE-2022-47618

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-01-03T03:15:10.910

Modified: 2023-01-10T16:52:19.820

Link: CVE-2022-47618

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-47618", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "dateUpdated": "2024-08-03T15:02:36.410Z", "dateReserved": "2022-12-20T00:00:00", "datePublished": "2023-01-03T00:00:00"}, "containers": {"cna": {"title": "Merit Lilin Ent. Co., Ltd. AH55B04 & AH55B08 DVR - Hard-coded Credentials", "datePublic": "2022-12-29T00:00:00", "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2023-01-03T00:00:00"}, "descriptions": [{"lang": "en", "value": "Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in administrator page, to manipulate system or disrupt service."}], "affected": [{"vendor": "Merit Lilin Ent. Co., Ltd.", "product": "AH55B04 DVR firmware", "versions": [{"version": "unspecified", "lessThanOrEqual": "SVN#7570", "status": "affected", "versionType": "custom"}]}, {"vendor": "Merit Lilin Ent. Co., Ltd.", "product": "AH55B08 DVR firmware", "versions": [{"version": "unspecified", "lessThanOrEqual": "SVN#7570", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-6825-6691e-1.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-798 Use of Hard-coded Credentials", "cweId": "CWE-798"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "TVN-202212007", "discovery": "EXTERNAL"}, "solutions": [{"lang": "en", "value": "Update Merit LILIN AH55B04 & AH55B08 DVR version to SVN#8044"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:02:36.410Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-6825-6691e-1.html", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:ah55b08:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FC34E0B-3AA9-4F78-AA6E-1045CFD22FA2", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:ah55b08_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AA6396B9-AC46-40D8-A42B-922A41D41B9F", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:ah55b04:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FE0F441-346E-485C-8FC2-D19AB9F45CED", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:ah55b04_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "ECA4E6AC-B883-47DF-B6E7-A0EF095E9ED8", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in administrator page, to manipulate system or disrupt service."}], "id": "CVE-2022-47618", "lastModified": "2023-01-10T16:52:19.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2023-01-03T03:15:10.910", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.twcert.org.tw/tw/cp-132-6825-6691e-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}