CVE-2022-38789

Published: Sep 15, 2022Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference.

Affected (3)

Products: Airties: Air 4920 Firmware, Air 4921 Firmware, Air 4971 Firmware

3 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Airties Air 4920 Firmware	Before 2020-08-04

Running on/with	Platform Versions
Airties Air 4920	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Airties Air 4921 Firmware	Before 2020-08-04

Running on/with	Platform Versions
Airties Air 4921	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Airties Air 4971 Firmware	Before 2020-08-04

Running on/with	Platform Versions
Airties Air 4971	All versions

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (4)

https://airties.com/airties-information-security-policy/

Source: cve@mitre.org

Vendor Advisory

https://github.com/ProxyStaffy/Airties-CVE-2022-38789/blob/main/Description

Source: cve@mitre.org

Third Party Advisory

https://airties.com/airties-information-security-policy/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/ProxyStaffy/Airties-CVE-2022-38789/blob/main/Description

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.