Vulnerability Description
Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code. NOTE: the vendor's position is that this is a design choice, not a vulnerability
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Patlite | Nbm-D88N Firmware | <= 1.46 |
| Patlite | Nbm-D88N | - |
| Patlite | Nhl-3Fb1 Firmware | <= 1.46 |
| Patlite | Nhl-3Fb1 | - |
| Patlite | Nhl-3Fv1N Firmware | <= 1.46 |
| Patlite | Nhl-3Fv1N | - |
Related Weaknesses (CWE)
References
- https://gist.github.com/Nwqda/dfad4e11b545dd40aebca6031d202f66Broken Link
- https://www.patlite.com/network-products/lineup/nh-fb.htmlProductVendor Advisory
- https://www.youtube.com/watch?v=4r9FH6U2VR8Permissions Required
- https://gist.github.com/Nwqda/dfad4e11b545dd40aebca6031d202f66Broken Link
- https://www.patlite.com/network-products/lineup/nh-fb.htmlProductVendor Advisory
- https://www.youtube.com/watch?v=4r9FH6U2VR8Permissions Required
FAQ
What is CVE-2022-38625?
CVE-2022-38625 is a vulnerability with a CVSS score of 8.8 (HIGH). Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create an...
How severe is CVE-2022-38625?
CVE-2022-38625 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-38625?
Check the references section above for vendor advisories and patch information. Affected products include: Patlite Nbm-D88N Firmware, Patlite Nbm-D88N, Patlite Nhl-3Fb1 Firmware, Patlite Nhl-3Fb1, Patlite Nhl-3Fv1N Firmware.