CVE-2022-36158 — HIGH (8.0)

Q: How severe is CVE-2022-36158?

CVE-2022-36158 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-36158?

Check the references section above for vendor advisories and patch information. Affected products include: Contec Fxa3000 Firmware, Contec Fxa3000, Contec Fxa3020 Firmware, Contec Fxa3020, Contec Fxa3200 Firmware.

Vulnerability Description

Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi).

CVSS Score

8.0

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Contec	Fxa3000 Firmware	<= 1.13.00
Contec	Fxa3000	-
Contec	Fxa3020 Firmware	<= 1.13.00
Contec	Fxa3020	-
Contec	Fxa3200 Firmware	<= 1.13.00
Contec	Fxa3200	-
Contec	Fxa2000 Firmware	< 1.39.00
Contec	Fxa2000	-

Related Weaknesses (CWE)

CWE-425

References

https://gist.github.com/Nwqda/aac33d1936d2b514a3268f145345abb4Broken LinkThird Party Advisory
https://jvn.jp/en/vu/JVNVU98305100/PatchThird Party Advisory
https://samy.link/blog/contec-flexlan-fxa2000-and-fxa3000-series-vulnerability-rExploitMitigationThird Party Advisory
https://www.contec.com/products-services/computer-networking/flexlan-fx/fx-accesProduct
https://gist.github.com/Nwqda/aac33d1936d2b514a3268f145345abb4Broken LinkThird Party Advisory
https://jvn.jp/en/vu/JVNVU98305100/PatchThird Party Advisory
https://samy.link/blog/contec-flexlan-fxa2000-and-fxa3000-series-vulnerability-rExploitMitigationThird Party Advisory
https://www.contec.com/products-services/computer-networking/flexlan-fx/fx-accesProduct

FAQ

What is CVE-2022-36158?

CVE-2022-36158 is a vulnerability with a CVSS score of 8.0 (HIGH). Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidde...

How severe is CVE-2022-36158?

CVE-2022-36158 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-36158?

Check the references section above for vendor advisories and patch information. Affected products include: Contec Fxa3000 Firmware, Contec Fxa3000, Contec Fxa3020 Firmware, Contec Fxa3020, Contec Fxa3200 Firmware.