Vulnerability Description
WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to send crafted requests to the server from the affected device. The vulnerability is exploitable due to a lack of authentication in the component Usb_upload.htm.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wayos | Lq-09 Firmware | 22.03.17 |
| Wayos | Lq-09 | - |
| Wayos | Lq-08 Firmware | 22.03.17 |
| Wayos | Lq-08 | - |
| Wayos | Lq-07 Firmware | 22.03.17 |
| Wayos | Lq-07 | - |
| Wayos | Lq-06 Firmware | 22.03.17 |
| Wayos | Lq-06 | - |
| Wayos | Lq-05 Firmware | 22.03.17 |
| Wayos | Lq-05 | - |
| Wayos | Lq-04 Firmware | 22.03.17 |
| Wayos | Lq-04 | - |
Related Weaknesses (CWE)
References
- https://github.com/splashsc/IOT_Vulnerability_Discovery/blob/main/wayos/wayos_LQ (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-41489?
CVE-2022-41489 is a vulnerability with a CVSS score of 8.1 (HIGH). WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploi...
How severe is CVE-2022-41489?
CVE-2022-41489 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-41489?
Check the references section above for vendor advisories and patch information. Affected products include: Wayos Lq-09 Firmware, Wayos Lq-09, Wayos Lq-08 Firmware, Wayos Lq-08, Wayos Lq-07 Firmware.