CVE-2022-24660 — HIGH (7.5)

Q: How severe is CVE-2022-24660?

CVE-2022-24660 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-24660?

Check the references section above for vendor advisories and patch information. Affected products include: Goldshell Goldshell Miner Firmware.

Vulnerability Description

The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Goldshell	Goldshell Miner Firmware	<= 2.2.1

Related Weaknesses (CWE)

CWE-312

References

https://github.com/goldshellminer/firmwareThird Party Advisory
https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-auditExploitMitigationThird Party Advisory
https://github.com/goldshellminer/firmwareThird Party Advisory
https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-auditExploitMitigationThird Party Advisory

FAQ

What is CVE-2022-24660?

CVE-2022-24660 is a vulnerability with a CVSS score of 7.5 (HIGH). The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plai...

How severe is CVE-2022-24660?

CVE-2022-24660 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-24660?

Check the references section above for vendor advisories and patch information. Affected products include: Goldshell Goldshell Miner Firmware.