CVE-2022-35513
published 2022-09-07CVE-2022-35513: The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.
PriorityP352high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
4.14%
89.6th percentile
The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| blink1 | blink1control2 | <= 2.2.7 | — |
| blink1 | blink1control2 | >= 0 < 2.2.9 | 2.2.9 |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Blink1Control2 uses weak password encryption
ghsa·2022-09-08
CVE-2022-35513 [HIGH] CWE-326 Blink1Control2 uses weak password encryption
Blink1Control2 uses weak password encryption
The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. Version 2.2.9 fixes the issue.
OSV
Blink1Control2 uses weak password encryption
osv·2022-09-08
CVE-2022-35513 [HIGH] Blink1Control2 uses weak password encryption
Blink1Control2 uses weak password encryption
The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. Version 2.2.9 fixes the issue.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/168428/Blink1Control2-2.2.7-Weak-Password-Encryption.htmlhttps://github.com/p1ckzi/CVE-2022-35513https://github.com/todbot/Blink1Control2/releaseshttp://packetstormsecurity.com/files/168428/Blink1Control2-2.2.7-Weak-Password-Encryption.htmlhttps://github.com/p1ckzi/CVE-2022-35513https://github.com/todbot/Blink1Control2/releases
2022-09-07
Published