cbcvebase.
CVE-2022-3203
published 2022-10-21

CVE-2022-3203: On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or…

PriorityP358critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.85%
53.6th percentile
On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot.

Affected

3 ranges
VendorProductVersion rangeFixed in
oringiap-420
oringnetiap-420_+_firmware
oringnetiap-420_firmware
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.