|
[Japanese]
|
JVNDB-2022-002346
|
Multiple vulnerabilities in Contec FLEXLAN FX3000 and FX2000 series
|
|
FLEXLAN FX3000 and FX2000 series provided by Contec Co., Ltd. contain multiple vulnerabilities listed below.
* Hidden Functionality (CWE-912) - CVE-2022-36158
* Use of Hard-coded Credentials (CWE-798) - CVE-2022-36159
Thomas J. Knudsen and Samy Younsi of Necrum Security Labs reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
|
|
CVSS V3 Severity:
Base Metrics 8.0 (High) [Other]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base scores have been assigned for CVE-2022-36158
|
CVSS V3 Severity:
Base Metrics:8.8 (High) [Other]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base scores have been assigned for CVE-2022-36159
|
|
|
Contec
- FLEXLAN FX2000 firmware prior to ver.1.39.00
- FLEXLAN FX3000 firmware prior to ver.1.16.00
|
|
|
An attacker may execute an arbitrary OS command with an administrative privilege of the product - CVE-2022-36158
An attacker may access the product with an administrative privilege - CVE-2022-36159
|
|
[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
The developer has released the following versions that contain fixes for these vulnerabilities.
* FLEXLAN FX3000 series
* Firmware version ver.1.16.00
* FLEXLAN FX2000 series
* Firmware version ver.1.39.00
|
|
Contec
|
|
- Use of Hard-coded Credentials(CWE-798) [Other]
- Hidden Functionality(CWE-912) [Other]
|
|
- CVE-2022-36158
- CVE-2022-36159
|
|
- JVN : JVNVU#98305100
|
|
- [2022/09/02]
Web page was published
|
