Vulnerability Description
Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker with the administrative privilege to inject an arbitrary script via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Meikyo | Watch Boot Nino Rpc-M2C Firmware | - |
| Meikyo | Watch Boot Nino Rpc-M2C | - |
| Meikyo | Watch Boot Light Rpc-M5C Firmware | - |
| Meikyo | Watch Boot Light Rpc-M5C | - |
| Meikyo | Watch Boot L-Zero Rpc-M4L Firmware | - |
| Meikyo | Watch Boot L-Zero Rpc-M4L | - |
| Meikyo | Watch Boot Mini Rpc-M4H Firmware | - |
| Meikyo | Watch Boot Mini Rpc-M4H | - |
| Meikyo | Watch Boot Nino Rpc-M2Cs Firmware | >= 1.00a, <= 1.00d |
| Meikyo | Watch Boot Nino Rpc-M2Cs | - |
| Meikyo | Watch Boot Light Rpc-M5Cs Firmware | >= 1.00a, <= 1.00d |
| Meikyo | Watch Boot Light Rpc-M5Cs | - |
| Meikyo | Watch Boot L-Zero Rpc-M4Ls Firmware | >= 1.00a, <= 1.20a |
| Meikyo | Watch Boot L-Zero Rpc-M4Ls | - |
| Meikyo | Signage Rebooter Rpc-M4Hsi Firmware | 1.00a |
| Meikyo | Signage Rebooter Rpc-M4Hsi | - |
| Meikyo | Poe Boot Nino Poe8M2 Firmware | >= 1.00a, <= 1.20a |
| Meikyo | Poe Boot Nino Poe8M2 | - |
| Meikyo | Time Boot Mini Rsc-Mt4H Firmware | - |
| Meikyo | Time Boot Mini Rsc-Mt4H | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN58266015/index.htmlThird Party Advisory
- https://www.meikyo.co.jp/vln/PatchVendor Advisory
- https://jvn.jp/en/jp/JVN58266015/index.htmlThird Party Advisory
- https://www.meikyo.co.jp/vln/PatchVendor Advisory
FAQ
What is CVE-2022-28717?
CVE-2022-28717 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End...
How severe is CVE-2022-28717?
CVE-2022-28717 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-28717?
Check the references section above for vendor advisories and patch information. Affected products include: Meikyo Watch Boot Nino Rpc-M2C Firmware, Meikyo Watch Boot Nino Rpc-M2C, Meikyo Watch Boot Light Rpc-M5C Firmware, Meikyo Watch Boot Light Rpc-M5C, Meikyo Watch Boot L-Zero Rpc-M4L Firmware.