Impact
The AS228T firmware contains an authentication bypass flaw identified as CWE-288. This weakness permits an adversary to circumvent the device’s authentication checks and gain unauthorized access. An attacker who successfully exploits the defect could access privileged functions, configure the device, or use it as a pivot for further malicious activity. The impact is a direct loss of confidentiality and integrity for the managed system and could lead to unauthorized control of the affected asset.
Affected Systems
The vulnerability applies to DeltaWw AS228T devices. No explicit affected version range is provided; therefore, devices running any firmware version below 1.16 are presumed vulnerable until upgraded. The vendor has released a firmware update (v1.16 or later) that addresses the authentication bypass issue.
Risk and Exploitability
The CVSS score of 7.4 classifies the vulnerability as high severity. EPSS data is not available, and the flaw is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker could exploit the weakness remotely if the device’s authentication service is exposed, or locally via a network where management credentials are accessible. The absence of an EPSS value suggests the exploitation probability is not currently quantified, but the high CVSS score indicates that, if exploited, the consequences would be significant.
OpenCVE Enrichment