CVE-2022-27438

Published: Jun 6, 2022Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.

Affected (70)

Products: Caphyon: Advanced Installer · 3cx: Call Flow Designer, Crm Template Generator · Boom: Boomtv Streamer Portal · +26 more

Show all products

Caphyon: Advanced Installer · 3cx: Call Flow Designer, Crm Template Generator · Boom: Boomtv Streamer Portal · Codesector: Direct Folders, Teracopy · Emeditor: Emeditor · Flamory: Flamory · Freesnippingtool: Free Snipping Tool · Fxsound: Fxsound · Gainedge: Better Explorer · Gamecaster: Gamecaster · Getmailbird: Mailbird · Guzogo: Guzogo · Honeygain: Honeygain · Jki: Vi Package Manager · Jpsoft: Take Command · Krylack: Archive Password Recovery, Asterisks Password Decryptor, Burning Suite, Rar Password Recovery, Volume Serial Number Editor, Zip Password Recovery · Moonsoftware: Password Agent · Nefarius: Scptoolkit · Plagiarismcheckerx: Plagiarism Checker X · Prusa3d: Prusaslicer · Realdefense: Mycleanid, Mycleanpc, Mypasslock · Rovio: Angry Birds Space, Bad Piggies · Synaptics: Displaylink Usb Graphics · Urban Vpn: Urban Vpn · Vigem: Vigembus Driver · Vpnhood: Vpnhood · Vrdesktop: Virtual Desktop Streamer · Xsplit: Xsplit Express Video Editor · Rstinstruments: Vw0420 Firmware, Inclinalysis Digital Inclinometer, Ipi Utility, Rstar Rtu Host, Dt2011 Firmware, Dt2011b Firmware, Dt2040 Firmware, Dt2050 Firmware, Dt2050b Firmware, Dt2055b Firmware, Dt2306 Firmware, Dt2350 Firmware, Dt2485 Firmware, Dt4205 Firmware, Dtsaa Firmware, Ic6560 Firmware, Ic6660 Firmware, Dtl201b/2b Firmware, Mtcm Firmware, Gaa2820 Firmware, Rtu Firmware, Mems Tilt Meter Firmware, Portable Tilt Meter Firmware, Vw2106 Firmware, Th2016 Firmware, Th2016b Firmware, Ma7 Firmware, Qb120 Firmware, Sg350 Firmware, Ir420 Firmware, Lp100 Firmware, C109 Firmware

1 product

2 products

Crm Template Generator

Boom

1 product

Boomtv Streamer Portal

2 products

1 product

1 product

1 product

1 product

1 product

1 product

1 product

1 product

1 product

1 product

1 product

6 products

Archive Password Recovery

Asterisks Password Decryptor

Burning Suite

Rar Password Recovery

Volume Serial Number Editor

Zip Password Recovery

1 product

1 product

1 product

1 product

3 products

2 products

1 product

Displaylink Usb Graphics

1 product

1 product

1 product

1 product

Virtual Desktop Streamer

Xsplit

1 product

Xsplit Express Video Editor

Rstinstruments

32 products

Vw0420 Firmware

Inclinalysis Digital Inclinometer

Mems Tilt Meter Firmware

Portable Tilt Meter Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Caphyon Advanced Installer	Before 19.4

Configuration B

37 vulnerable

Vulnerable Software	Affected Versions
3cx Call Flow Designer	Version 18.2.13
3cx Crm Template Generator	Version 2.1.23
Boom Boomtv Streamer Portal	Version 2.2.1
Codesector Direct Folders	Version 4.0
Codesector Teracopy	Version 3.8.5
Emeditor Emeditor	Version 21.3.0
Flamory Flamory	Version 4.2.19.0
Freesnippingtool Free Snipping Tool	Version 5.6.0.0
Fxsound Fxsound	Version 1.1.12.0
Gainedge Better Explorer	Version 2020.3.15.1304
Gamecaster Gamecaster	Version 4.0.2109.2802
Getmailbird Mailbird	Version 2.9.50.0
Guzogo Guzogo	Version 1.0.5.0
Honeygain Honeygain	Version 0.10.7.0
Jki Vi Package Manager	Version 21.1.2754
Jpsoft Take Command	Version 28.2.18
Krylack Archive Password Recovery	Version 3.70.69
Krylack Asterisks Password Decryptor	Version 3.31.107
Krylack Burning Suite	Version 1.20.05
Krylack Rar Password Recovery	Version 3.70.69
Krylack Volume Serial Number Editor	Version 2.02.34
Krylack Zip Password Recovery	Version 3.70.69
Moonsoftware Password Agent	Version 20.10.1
Nefarius Scptoolkit	Version 1.6.238.16010
Plagiarismcheckerx Plagiarism Checker X	Version 8.0.6
Prusa3d Prusaslicer	Version 2.4.2
Realdefense Mycleanid	Version 4.1.4
Realdefense Mycleanpc	Version 4.0.2
Realdefense Mypasslock	Version 1.9.6
Rovio Angry Birds Space	Version 1.4.1
Rovio Bad Piggies	Version 1.3.0
Synaptics Displaylink Usb Graphics	Before 10.3.6400.0
Urban Vpn Urban Vpn	Version 2.2.5
Vigem Vigembus Driver	Version 1.16.116
Vpnhood Vpnhood	Version 2.4.299
Vrdesktop Virtual Desktop Streamer	Version 1.20.16
Xsplit Xsplit Express Video Editor	Version 3.0.2001.801

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Vw0420 Firmware	Version 1.33.0

Running on/with	Platform Versions
Rstinstruments Vw0420	All versions

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Rstinstruments Inclinalysis Digital Inclinometer	Version 2.48.9
Rstinstruments Ipi Utility	Version 1.05.0
Rstinstruments Rstar Rtu Host	Version 1.33.0

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Dt2011 Firmware	Version 1.19.4.0

Running on/with	Platform Versions
Rstinstruments Dt2011	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Dt2011b Firmware	Version 1.19.4.0

Running on/with	Platform Versions
Rstinstruments Dt2011b	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Dt2040 Firmware	Version 1.19.4.0

Running on/with	Platform Versions
Rstinstruments Dt2040	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Dt2050 Firmware	Version 1.19.4.0

Running on/with	Platform Versions
Rstinstruments Dt2050	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Dt2050b Firmware	Version 1.19.4.0

Running on/with	Platform Versions
Rstinstruments Dt2050b	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Dt2055b Firmware	Version 1.19.4.0

Running on/with	Platform Versions
Rstinstruments Dt2055b	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Dt2306 Firmware	Version 1.19.4.0

Running on/with	Platform Versions
Rstinstruments Dt2306	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Dt2350 Firmware	Version 1.19.4.0

Running on/with	Platform Versions
Rstinstruments Dt2350	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Dt2485 Firmware	Version 1.19.4.0

Running on/with	Platform Versions
Rstinstruments Dt2485	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Dt4205 Firmware	Version 1.19.4.0

Running on/with	Platform Versions
Rstinstruments Dt4205	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Dtsaa Firmware	Version 1.19.4.0

Running on/with	Platform Versions
Rstinstruments Dtsaa	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Ic6560 Firmware	Version 1.19.4.0

Running on/with	Platform Versions
Rstinstruments Ic6560	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Ic6660 Firmware	Version 1.19.4.0

Running on/with	Platform Versions
Rstinstruments Ic6660	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Dtl201b/2b Firmware	Version 1.19.4.0

Running on/with	Platform Versions
Rstinstruments Dtl201b/2b	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Mtcm Firmware	Version 1.19.4.0

Running on/with	Platform Versions
Rstinstruments Mtcm	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Gaa2820 Firmware	Version 1.19.4.0

Running on/with	Platform Versions
Rstinstruments Gaa2820	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Rtu Firmware	Version 1.19.4.0

Running on/with	Platform Versions
Rstinstruments Rtu	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Mems Tilt Meter Firmware	Version 1.20.1

Running on/with	Platform Versions
Rstinstruments Mems Tilt Meter	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Portable Tilt Meter Firmware	Version 1.20.1

Running on/with	Platform Versions
Rstinstruments Portable Tilt Meter	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Vw2106 Firmware	All versions

Running on/with	Platform Versions
Rstinstruments Vw2106	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Th2016 Firmware	Version 1.4.0.2

Running on/with	Platform Versions
Rstinstruments Th2016	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Th2016b Firmware	Version 1.4.0.2

Running on/with	Platform Versions
Rstinstruments Th2016b	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Ma7 Firmware	Version 1.4.0.2

Running on/with	Platform Versions
Rstinstruments Ma7	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Qb120 Firmware	Version 1.4.0.2

Running on/with	Platform Versions
Rstinstruments Qb120	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Sg350 Firmware	Version 1.4.0.2

Running on/with	Platform Versions
Rstinstruments Sg350	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Ir420 Firmware	Version 1.4.0.2

Running on/with	Platform Versions
Rstinstruments Ir420	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments Lp100 Firmware	Version 1.4.0.2

Running on/with	Platform Versions
Rstinstruments Lp100	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rstinstruments C109 Firmware	Version 1.4.0.2

Running on/with	Platform Versions
Rstinstruments C109	All versions

Related CWEs

CWE-494

Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

References (8)

http://advanced.com

Source: cve@mitre.org

Product

http://caphyon.com

Source: cve@mitre.org

Product

https://gerr.re/posts/cve-2022-27438/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.advancedinstaller.com/security-updates-auto-updater.html

Source: cve@mitre.org

PatchVendor Advisory

http://advanced.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

http://caphyon.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://gerr.re/posts/cve-2022-27438/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.advancedinstaller.com/security-updates-auto-updater.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.