Vulnerability Description
Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sys_username_passwd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within the JS code sent to the customer within the Login.js file is a strong user (which is not documented) and also the password, which allow for super-user access. Username: chcadmin, Password: chcpassword.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chcnav | P5E Gnss Firmware | <= 4.1 |
| Chcnav | P5E Gnss | - |
Related Weaknesses (CWE)
References
- https://www.gov.il/en/Departments/faq/cve_advisoriesThird Party Advisory
- https://www.gov.il/en/Departments/faq/cve_advisoriesThird Party Advisory
FAQ
What is CVE-2022-30622?
CVE-2022-30622 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sys_username_passwd.cmd - T...
How severe is CVE-2022-30622?
CVE-2022-30622 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-30622?
Check the references section above for vendor advisories and patch information. Affected products include: Chcnav P5E Gnss Firmware, Chcnav P5E Gnss.