CVE-2022-47037

Published: Mar 18, 2024Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials.

Affected (1)

Products: Siklu: Tg Firmware

1 product

Configuration A

1 vulnerable · 8 platform

Vulnerable Software	Affected Versions
Siklu Tg Firmware	Before 2.1.1

Running on/with	Platform Versions
Siklu Tg Lr T280	All versions
Siklu Tg Mpl 261	All versions
Siklu Tg N265	All versions
Siklu Tg N366	All versions
Siklu Tg N367	All versions
Siklu Tg T260	All versions
Siklu Tg T261	All versions
Siklu Tg T265	All versions

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://semaja2.net/2023/06/11/siklu-tg-auth-bypass.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://semaja2.net/2023/06/11/siklu-tg-auth-bypass.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.