cbcvebase.

Infiray Iray-A8Z3 Firmware vulnerabilities

4 known vulnerabilities affecting infiray/iray-a8z3_firmware.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH1

Vulnerabilities

Page 1 of 1
CVE-2022-31208P2HIGHCVSS 8.8Exploitedv1.0.9572022-07-17
CVE-2022-31208 [HIGH] CVE-2022-31208: An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can ex An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter.
nvd
CVE-2022-31211P3CRITICALCVSS 9.8v1.0.9572022-07-17
CVE-2022-31211 [CRITICAL] CWE-521 CVE-2022-31211: An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by d An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default.
nvd
CVE-2022-31209P3CRITICALCVSS 9.8v1.0.9572022-07-17
CVE-2022-31209 [CRITICAL] CWE-120 CVE-2022-31209: An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overf An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand.
nvd
CVE-2022-31210P3CRITICALCVSS 9.8v1.0.9572022-07-17
CVE-2022-31210 [CRITICAL] CWE-798 CVE-2022-31210: An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts.
nvd
Infiray Iray-A8Z3 Firmware vulnerabilities | cvebase