cbcvebase.
CVE-2022-22512
published 2023-03-23

CVE-2022-22512: Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the…

PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.68%
47.6th percentile
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.

Affected

17 ranges
VendorProductVersion rangeFixed in
vartaelement_backup_firmware< f21000400f21000400
vartaelement_s1_firmware< 2e.3.8.02e.3.8.0
vartaelement_s2_firmware< 2e.3.8.02e.3.8.0
vartaelement_s3_firmware< 2e.3.8.02e.3.8.0
vartaelement_s3_firmware>= 2e.4.0.0 < 2e.4.4.02e.4.4.0
vartaelement_s4_firmware< d21010400d21010400
vartaone_l_firmware< 2e.3.8.02e.3.8.0
vartaone_xl_firmware< 2e.3.8.02e.3.8.0
vartapulse_firmware< c21010800c21010800
varta_storageelement_backup< F21000400F21000400
varta_storageelement_s1< 2e.3.8.02e.3.8.0
varta_storageelement_s2< 2e.3.8.02e.3.8.0
varta_storageelement_s3< 2e.3.8.02e.3.8.0
varta_storageelement_s3< 2e.4.4.02e.4.4.0
varta_storageelement_s4< D21010400D21010400
varta_storageone_l_xl< 2e.3.8.02e.3.8.0
varta_storagepulse< C21010800C21010800
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.