Vulnerability Description
Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hytec | Hwl-2511-Ss Firmware | <= 1.05 |
| Hytec | Hwl-2511-Ss | - |
Related Weaknesses (CWE)
References
- https://gist.github.com/Nwqda/b27418ab801eb0b9cdbe8d042cb0249bBroken Link
- https://hytec.co.jp/eng/products/our-brand/hwl-2511-ss.htmlProductVendor Advisory
- https://hytec.co.jp/eng/wordpress/wp-content/uploads/2019/09/hwl-2511-ss-ds.3.0.Vendor Advisory
- https://gist.github.com/Nwqda/b27418ab801eb0b9cdbe8d042cb0249bBroken Link
- https://hytec.co.jp/eng/products/our-brand/hwl-2511-ss.htmlProductVendor Advisory
- https://hytec.co.jp/eng/wordpress/wp-content/uploads/2019/09/hwl-2511-ss-ds.3.0.Vendor Advisory
FAQ
What is CVE-2022-36555?
CVE-2022-36555 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack.
How severe is CVE-2022-36555?
CVE-2022-36555 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-36555?
Check the references section above for vendor advisories and patch information. Affected products include: Hytec Hwl-2511-Ss Firmware, Hytec Hwl-2511-Ss.