CVE-2022-25008Missing Authentication for Critical Function in Ex1200t Firmware

CWE-306Missing Authentication for Critical Function3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.2%
top 61.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink Ex1200t FirmwareTotolink Ex300 V2 Firmware
Timeline
PublishedMar 30
Latest updateApr 1

Description

totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDtotolink/ex1200t_firmware4.1.2cu.5230_b20210706
NVDtotolink/ex300_v2_firmware4.0.3c.140_b20210429

🔴Vulnerability Details

2
GHSA
GHSA-4ppq-2435-3w6v: totolink EX300_v2 V42022-04-01
CVEList
CVE-2022-25008: totolink EX300_v2 V42022-03-30
CVE-2022-25008 — Ex1200t Firmware vulnerability | cvebase