Vulnerability Description
NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ehang-Io | Nps | >= 0.19.0, <= 0.26.10 |
Related Weaknesses (CWE)
References
- https://blog.carrot2.cn/2022/08/cve-2022-40494.html (Exploit, Third Party Advisory)
- https://github.com/1security/Vulnerability/blob/main/web/nps/1.md (Broken Link)
FAQ
What is CVE-2022-40494?
CVE-2022-40494 is a vulnerability with a CVSS score of 9.8 (CRITICAL). NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters.
How severe is CVE-2022-40494?
CVE-2022-40494 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-40494?
Check the references section above for vendor advisories and patch information. Affected products include: Ehang-Io Nps.