CVE-2022-35239

CWE-20 — Improper Input Validation3 documents3 sources

Severity

8.8HIGH

EPSS

0.8%

top 25.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Contec Sv-cpt-mc310 Firmware Contec Sv-cpt-mc310f Firmware Contec Co., Ltd. Solarview Compact

Timeline

PublishedAug 16

Latest updateAug 17

Description

The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDcontec/sv-cpt-mc310_firmware< 7.24

▶NVDcontec/sv-cpt-mc310f_firmware< 7.24

▶CVEListV5contec_co.,_ltd./solarview_compactSV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier

🔴Vulnerability Details

GHSA

GHSA-3vpf-2pmh-fq33: The image file management page of SolarView Compact SV-CPT-MC310 Ver↗2022-08-17

▶

CVEList

CVE-2022-35239: The image file management page of SolarView Compact SV-CPT-MC310 Ver↗2022-08-16

▶