CVE-2022-47188
published 2023-03-31CVE-2022-47188: There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a…
PriorityP346high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.91%
55.6th percentile
There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| generex | cs141_firmware | < 2.06 | 2.06 |
| generex | ups_cs141 | >= 2.06 < 2.06 | 2.06 |
| linux | linux_kernel | >= 0 < 5.4.0-196.216 | 5.4.0-196.216 |
| linux | linux_kernel | >= 0 < 4.4.0-259.293 | 4.4.0-259.293 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
linux-raspi-5.4 vulnerabilities
osv·2024-10-10·CVSS 5.5
CVE-2021-47188 linux-raspi-5.4 vulnerabilities
linux-raspi-5.4 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Modular ISDN driver;
- MMC subsystem;
- SCSI drivers;
- F2FS file system;
- GFS2 file system;
- Netfilter;
- RxRPC session sockets;
- Integrity Measurement Architecture(IMA) framework;
(CVE-2021-47188, CVE-2024-39494, CVE-2022-48791, CVE-2022-48863,
CVE-2024-42228, CVE-2024-38570, CVE-2024-42160, CVE-2024-26787,
CVE-2024-27012, CVE-2024-26677)
OSV
linux-raspi vulnerabilities
osv·2024-10-01·CVSS 5.5
CVE-2021-47188 linux-raspi vulnerabilities
linux-raspi vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Modular ISDN driver;
- MMC subsystem;
- SCSI drivers;
- F2FS file system;
- GFS2 file system;
- Netfilter;
- RxRPC session sockets;
- Integrity Measurement Architecture(IMA) framework;
(CVE-2021-47188, CVE-2024-42160, CVE-2024-42228, CVE-2022-48863,
CVE-2024-26677, CVE-2024-26787, CVE-2024-38570, CVE-2024-39494,
CVE-2022-48791, CVE-2024-27012)
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
osv·2024-09-26·CVSS 5.5
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Input Device (Tablet) drivers;
- Modular ISDN driver;
- Multiple devices driver;
- Network drivers;
- Near Field Communication (NFC) drivers;
- SCSI drivers;
- GCT GDM724x LTE driver;
- USB subsystem;
- VFIO drivers;
- GFS2 file system;
- JFS file system;
- NILFS2 file system;
- Networking core;
- IPv4 networking;
- L2TP protocol;
- Netfilter;
- RxRPC session sockets;
(CVE-2024-26651, CVE-2024-38583, CVE-2023-52527, CVE-2024-26880,
CVE-2022-48850, CVE-2024-26733, CVE-2021-47188, CVE-2024-42154,
CVE-2023-52809, CVE-2024-42228, CVE-2022
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.
osv·2024-09-18·CVSS 5.5
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Modular ISDN driver;
- MMC subsystem;
- SCSI drivers;
- F2FS file system;
- GFS2 file system;
- Netfilter;
- RxRPC session sockets;
- Integrity Measurement Architecture(IMA) framework;
(CVE-2021-47188, CVE-2024-27012, CVE-2024-42228, CVE-2022-48791,
CVE-2024-39494, CVE-2022-48863, CVE-2024-26787, CVE-2024-42160,
CVE-2024-38570, CVE-2024-26677)
GHSA
GHSA-7j8w-v723-8chg: There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2
ghsa_unreviewed·2023-04-01
CVE-2022-47188 [HIGH] CWE-59 GHSA-7j8w-v723-8chg: There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2
There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://www.generex.de/support/changelogs/cs141/2-12https://www.generex.de/support/changelogs/cs141/page:2https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141https://www.generex.de/support/changelogs/cs141/2-12https://www.generex.de/support/changelogs/cs141/page:2https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141
2023-03-31
Published