CVE-2021-22640

Published: Jul 28, 2022Modified: Apr 17, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.

Affected (8)

Products: Ovarro: Twinsoft, Tbox Lt2 530 Firmware, Tbox Lt2 532 Firmware, Tbox Lt2 540 Firmware, Tbox Ms Cpu32 Firmware, Tbox Ms Cpu32 S2 Firmware, Tbox Rm2 Firmware, Tbox Tg2 Firmware

8 products

Tbox Lt2 530 Firmware

Tbox Lt2 532 Firmware

Tbox Lt2 540 Firmware

Tbox Ms Cpu32 Firmware

Tbox Ms Cpu32 S2 Firmware

Tbox Rm2 Firmware

Tbox Tg2 Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ovarro Twinsoft	Before 12.4

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ovarro Tbox Lt2 530 Firmware	Before 1.46

Running on/with	Platform Versions
Ovarro Tbox Lt2 530	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ovarro Tbox Lt2 532 Firmware	Before 1.46

Running on/with	Platform Versions
Ovarro Tbox Lt2 532	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ovarro Tbox Lt2 540 Firmware	Before 1.46

Running on/with	Platform Versions
Ovarro Tbox Lt2 540	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ovarro Tbox Ms Cpu32 Firmware	Before 1.46

Running on/with	Platform Versions
Ovarro Tbox Ms Cpu32	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ovarro Tbox Ms Cpu32 S2 Firmware	Before 1.46

Running on/with	Platform Versions
Ovarro Tbox Ms Cpu32 S2	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ovarro Tbox Rm2 Firmware	Before 1.46

Running on/with	Platform Versions
Ovarro Tbox Rm2	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ovarro Tbox Tg2 Firmware	Before 1.46

Running on/with	Platform Versions
Ovarro Tbox Tg2	All versions

Related CWEs

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.