CVE-2022-3027

Description

The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information.

Related CPE's

ocontechealthcms8000_firmware-*******

hcontechealthcms8000-*******

References

https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01

MitigationThird Party AdvisoryUS Government Resource

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io