CVE-2021-22737

CWE-307 CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.3%

top 46.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Homelynk Firmware Schneider-electric Spacelynk Firmware

Timeline

PublishedMay 26

Latest updateMay 24

Description

Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brute force attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5homelynk_(wiser_for_knx)_and_spacelynk_v2.60_and_priorhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior

▶NVDschneider-electric/homelynk_firmware2.6.0

▶NVDschneider-electric/spacelynk_firmware2.6.0

🔴Vulnerability Details

GHSA

GHSA-5v8x-r44h-3xh9: Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2↗2022-05-24

▶

CVEList

CVE-2021-22737: Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2↗2021-05-26

▶