← Back

CVE-2022-41489

nvd nist
Published: Oct 13, 2022Modified: Jun 17, 2026

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Exploitability: 2.8 / Impact: 5.2
Source: NVD

Description

WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usb_upload.htm.

Affected (6)

Wayos
6 products
Lq 09 Firmware
Lq 08 Firmware
Lq 07 Firmware
Lq 06 Firmware
Lq 05 Firmware
Lq 04 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Lq 09 Firmware
Version 22.03.17
Running on/withPlatform Versions
Wayos
Lq 09
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Lq 08 Firmware
Version 22.03.17
Running on/withPlatform Versions
Wayos
Lq 08
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Lq 07 Firmware
Version 22.03.17
Running on/withPlatform Versions
Wayos
Lq 07
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Lq 06 Firmware
Version 22.03.17
Running on/withPlatform Versions
Wayos
Lq 06
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Lq 05 Firmware
Version 22.03.17
Running on/withPlatform Versions
Wayos
Lq 05
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Lq 04 Firmware
Version 22.03.17
Running on/withPlatform Versions
Wayos
Lq 04
All versions

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.