Vulnerability Description
Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tekon | Kio Firmware | <= 2022-03-30 |
| Tekon | Kio | - |
| Tekon | Kio-1M Firmware | <= 2022-03-30 |
| Tekon | Kio-1M | - |
| Tekon | Kio-2Mrs Firmware | <= 2022-03-30 |
| Tekon | Kio-2Mrs | - |
| Tekon | Kio-2M Firmware | <= 2022-03-30 |
| Tekon | Kio-2M | - |
| Tekon | Kio-2Ms Firmware | <= 2022-03-30 |
| Tekon | Kio-2Ms | - |
| Tekon | Kio-2Md Firmware | <= 2022-03-30 |
| Tekon | Kio-2Md | - |
| Tekon | Kio-8(4) Firmware | <= 2022-03-30 |
| Tekon | Kio-8(4) | - |
| Tekon | Kio-8(4)L Firmware | <= 2022-03-30 |
| Tekon | Kio-8(4)L | - |
Related Weaknesses (CWE)
References
- https://medium.com/%40bertinjoseb/post-auth-rce-based-in-malicious-lua-plugin-sc
FAQ
What is CVE-2022-28223?
CVE-2022-28223 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin.
How severe is CVE-2022-28223?
CVE-2022-28223 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-28223?
Check the references section above for vendor advisories and patch information. Affected products include: Tekon Kio Firmware, Tekon Kio, Tekon Kio-1M Firmware, Tekon Kio-1M, Tekon Kio-2Mrs Firmware.