cbcvebase.
CVE-2022-34907
published 2022-07-25

CVE-2022-34907: An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain…

PriorityP269critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
15.82%
96.5th percentile
An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform.

Affected

2 ranges
VendorProductVersion rangeFixed in
filewavefilewave< 14.6.314.6.3
filewavefilewave>= 14.7.0 < 14.7.214.7.2

Detection & IOCsextracted from sources · hover to see the quote

  • Monitor for unauthenticated access attempts to FileWave MDM administrative interfaces, particularly from external/untrusted sources, as exploitation requires no credentials.
  • ·Vulnerability affects FileWave versions before 14.6.3 and 14.7.x before 14.7.2. Ensure patched versions are confirmed before trusting authentication controls.
  • ·CVE-2022-34907 (auth bypass) is paired with CVE-2022-34906 (hard-coded cryptographic key) in the same platform; both are remotely exploitable and may be chained together for deeper compromise.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.