CVE-2022-42787

Description

Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required.

Related CPE's

owutat-modem-emulator_firmware********

hwutat-modem-emulator-*******

owutcom-server_\+\+_firmware********

hwutcom-server_\+\+-*******

owutcom-server_20ma_firmware********

hwutcom-server_20ma-*******

owutcom-server_highspeed_100basefx_firmware********

hwutcom-server_highspeed_100basefx-*******

owutcom-server_highspeed_100baselx_firmware********

hwutcom-server_highspeed_100baselx-*******

References

https://cert.vde.com/de/advisories/VDE-2022-043

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io