Changingtec Megaservisignadapter vulnerabilities
3 known vulnerabilities affecting changingtec/megaservisignadapter.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2022-39060P2CRITICALCVSS 9.8fixed in 1.0.22.1004v1.0.17.08232023-01-31
CVE-2022-39060 [CRITICAL] CWE-20 CVE-2022-39060: ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An una
ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take control of the system or to terminate the service.
nvd
CVE-2022-39059P3HIGHCVSS 7.5fixed in 1.0.22.1004v1.0.17.08232023-01-31
CVE-2022-39059 [HIGH] CWE-22 CVE-2022-39059: ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file readi
ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files.
nvd
CVE-2022-39061P3MEDIUMCVSS 6.5fixed in 1.0.22.1004v1.0.17.08232023-01-31
CVE-2022-39061 [MEDIUM] CWE-125 CVE-2022-39061: ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insuffi
ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupts partial services.
nvd