CVE-2022-42787

nvd nist
Published: Nov 10, 2022
Modified: Nov 21, 2024

CVSS score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD (Secondary)

Description

Multiple W&T products of the Comserver Series use a small number space for allocating session IDs. After a user logs in, an unauthenticated remote attacker can brute-force the user's session ID and gain access to that user's account on the device. Because the user needs to log in for the attack to be successful, user interaction is required.

Affected (17)

17 products. Each configuration lists 1 vulnerable software entry and 1 platform.

Configuration A: vulnerable software versions before 1.48, running on/with Wut At Modem Emulator (all versions)
Configuration B: vulnerable software versions before 1.48, running on/with Wut Com Server ++ (all versions)
Configuration C: vulnerable software versions before 1.48, running on/with Wut Com Server 20ma (all versions)
Configuration D: vulnerable software versions before 1.76, running on/with Wut Com Server Highspeed 100basefx (all versions)
Configuration E: vulnerable software versions before 1.76, running on/with Wut Com Server Highspeed 100baselx (all versions)
Configuration F: vulnerable software versions before 1.76, running on/with Wut Com Server Highspeed 19" 1port (all versions)
Configuration G: vulnerable software versions before 1.76, running on/with Wut Com Server Highspeed 19" 4port (all versions)
Configuration H: vulnerable software versions before 1.76, running on/with Wut Com Server Highspeed Compact (all versions)
Configuration I: vulnerable software versions before 1.76, running on/with Wut Com Server Highspeed Industry (all versions)
Configuration J: vulnerable software versions before 1.76, running on/with Wut Com Server Highspeed Isolated (all versions)
Configuration K: vulnerable software versions before 1.76, running on/with Wut Com Server Highspeed Oem (all versions)
Configuration L: vulnerable software versions before 1.76, running on/with Wut Com Server Highspeed Office 1port (all versions)
Configuration M: vulnerable software versions before 1.76, running on/with Wut Com Server Highspeed Office 4port (all versions)
Configuration N: vulnerable software versions before 1.76, running on/with Wut Com Server Highspeed Poe (all versions)
Configuration O: vulnerable software versions before 1.48, running on/with Wut Com Server Highspeed Lc (all versions)
Configuration P: vulnerable software versions before 1.48, running on/with Wut Com Server Highspeed Ul (all versions)
Configuration Q: vulnerable software versions before 1.48, running on/with Wut Com Server Highspeed Poe 3x Isolated (all versions)

References (2)

Source: info@cert.vde.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.