CVE-2022-42785

Published: Nov 15, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: info@cert.vde.com (Secondary)

Description

Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request.

Affected (17)

Wut

17 products

At Modem Emulator Firmware

Com Server ++ Firmware

Com Server 20ma Firmware

Com Server Highspeed 100basefx Firmware

Com Server Highspeed 100baselx Firmware

Com Server Highspeed 19" 1port Firmware

Com Server Highspeed 19" 4port Firmware

Com Server Highspeed Compact Firmware

Com Server Highspeed Industry Firmware

Com Server Highspeed Isolated Firmware

Com Server Highspeed Oem Firmware

Com Server Highspeed Office 1port Firmware

Com Server Highspeed Office 4port Firmware

Com Server Highspeed Poe Firmware

Com Server Highspeed Lc Firmware

Com Server Highspeed Ul Firmware

Com Server Highspeed Poe 3x Isolated Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut At Modem Emulator Firmware	Before 1.48

Running on/with	Platform Versions
Wut At Modem Emulator	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server ++ Firmware	Before 1.48

Running on/with	Platform Versions
Wut Com Server ++	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server 20ma Firmware	Before 1.48

Running on/with	Platform Versions
Wut Com Server 20ma	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed 100basefx Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed 100basefx	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed 100baselx Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed 100baselx	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed 19" 1port Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed 19" 1port	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed 19" 4port Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed 19" 4port	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Compact Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed Compact	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Industry Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed Industry	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Isolated Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed Isolated	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Oem Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed Oem	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Office 1port Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed Office 1port	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Office 4port Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed Office 4port	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Poe Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed Poe	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Lc Firmware	Before 1.48

Running on/with	Platform Versions
Wut Com Server Highspeed Lc	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Ul Firmware	Before 1.48

Running on/with	Platform Versions
Wut Com Server Highspeed Ul	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Poe 3x Isolated Firmware	Before 1.48

Running on/with	Platform Versions
Wut Com Server Highspeed Poe 3x Isolated	All versions

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://cert.vde.com/de/advisories/VDE-2022-043/

Source: info@cert.vde.com

Third Party Advisory

https://cert.vde.com/de/advisories/VDE-2022-043/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.