cbcvebase.
CVE-2022-47188
published 2023-03-31

CVE-2022-47188: There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a…

PriorityP346high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.91%
55.6th percentile
There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.

Affected

4 ranges
VendorProductVersion rangeFixed in
generexcs141_firmware< 2.062.06
generexups_cs141>= 2.06 < 2.062.06
linuxlinux_kernel>= 0 < 5.4.0-196.2165.4.0-196.216
linuxlinux_kernel>= 0 < 4.4.0-259.2934.4.0-259.293

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv5.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.