CVE-2022-22512
published 2023-03-23CVE-2022-22512: Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the…
PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.68%
47.6th percentile
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| varta | element_backup_firmware | < f21000400 | f21000400 |
| varta | element_s1_firmware | < 2e.3.8.0 | 2e.3.8.0 |
| varta | element_s2_firmware | < 2e.3.8.0 | 2e.3.8.0 |
| varta | element_s3_firmware | < 2e.3.8.0 | 2e.3.8.0 |
| varta | element_s3_firmware | >= 2e.4.0.0 < 2e.4.4.0 | 2e.4.4.0 |
| varta | element_s4_firmware | < d21010400 | d21010400 |
| varta | one_l_firmware | < 2e.3.8.0 | 2e.3.8.0 |
| varta | one_xl_firmware | < 2e.3.8.0 | 2e.3.8.0 |
| varta | pulse_firmware | < c21010800 | c21010800 |
| varta_storage | element_backup | < F21000400 | F21000400 |
| varta_storage | element_s1 | < 2e.3.8.0 | 2e.3.8.0 |
| varta_storage | element_s2 | < 2e.3.8.0 | 2e.3.8.0 |
| varta_storage | element_s3 | < 2e.3.8.0 | 2e.3.8.0 |
| varta_storage | element_s3 | < 2e.4.4.0 | 2e.4.4.0 |
| varta_storage | element_s4 | < D21010400 | D21010400 |
| varta_storage | one_l_xl | < 2e.3.8.0 | 2e.3.8.0 |
| varta_storage | pulse | < C21010800 | C21010800 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-03-23
Published