CVE-2022-34827
published 2022-11-18CVE-2022-34827: Carel Boss Mini 1.5.0 has Improper Access Control.
PriorityP351critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAH
EPSS
0.77%
50.8th percentile
Carel Boss Mini 1.5.0 has Improper Access Control.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| carel | boss_mini_firmware | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Carel Boss Mini 1.5.0 access control (EUVD-2022-37733)
vuldb·2026-06-14·CVSS 9.9
CVE-2022-34827 [CRITICAL] Carel Boss Mini 1.5.0 access control (EUVD-2022-37733)
A vulnerability classified as critical was found in Carel Boss Mini 1.5.0. Affected is an unknown function. Such manipulation leads to improper access controls.
This vulnerability is traded as CVE-2022-34827. Access to the local network is required for this attack to succeed. There is no exploit available.
GHSA
GHSA-5w9h-x2v4-5xm7: Carel Boss Mini 1
ghsa_unreviewed·2022-11-19
CVE-2022-34827 [CRITICAL] CWE-284 GHSA-5w9h-x2v4-5xm7: Carel Boss Mini 1
Carel Boss Mini 1.5.0 has Improper Access Control.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/mandiant/Vulnerability-Disclosureshttps://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0040/MNDT-2022-0040.mdhttps://github.com/mandiant/Vulnerability-Disclosureshttps://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0040/MNDT-2022-0040.md
2022-11-18
Published