Ip-Com Ew9 Firmware vulnerabilities
5 known vulnerabilities affecting ip-com/ew9_firmware.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH3
Vulnerabilities
Page 1 of 1
CVE-2022-45005P2CRITICALCVSS 9.8v15.11.0.14\(9732\)2022-12-13
CVE-2022-45005 [CRITICAL] CWE-78 CVE-2022-45005: IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_
IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function.
nvd
CVE-2022-43367P2CRITICALCVSS 9.8v15.11.0.142022-10-27
CVE-2022-43367 [CRITICAL] CWE-77 CVE-2022-43367: IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the form
IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function.
nvd
CVE-2022-43364P3HIGHCVSS 7.5v15.11.0.142022-10-27
CVE-2022-43364 [HIGH] CVE-2022-43364: An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenti
An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password.
nvd
CVE-2022-43366P3HIGHCVSS 7.5v15.11.0.142022-10-27
CVE-2022-43366 [HIGH] CVE-2022-43366: IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via th
IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces.
nvd
CVE-2022-43365P3HIGHCVSS 7.5v15.11.0.142022-10-27
CVE-2022-43365 [HIGH] CWE-120 CVE-2022-43365: IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg func
IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
nvd