CVE-2022-3738

Description

The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.

Related CPE's

owagopfc100_firmware********

hwagopfc100-*******

owagopfc200_firmware********

hwagopfc200-*******

owagotouch_panel_600_advanced_firmware********

hwagotouch_panel_600_advanced-*******

owagotouch_panel_600_standard_firmware********

hwagotouch_panel_600_standard-*******

owagotouch_panel_600_marine_firmware********

hwagotouch_panel_600_marine-*******

References

https://cert.vde.com/en/advisories/VDE-2022-054/

Third Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io