CVE-2022-47767

Published: Jan 26, 2023Modified: Apr 1, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.

Affected (18)

Products: Solar Log: Solar Log 250 Firmware, Solar Log 300 Firmware, Solar Log 800e Firmware, Solar Log 1000 Firmware, Solar Log 1000 Pm+ Firmware, Solar Log 1200 Firmware, Solar Log 2000 Firmware, Solar Log 500 Firmware, Solar Log 50 Firmware

Solar Log

9 products

Solar Log 250 Firmware

Solar Log 300 Firmware

Solar Log 800e Firmware

Solar Log 1000 Firmware

Solar Log 1000 Pm+ Firmware

Solar Log 1200 Firmware

Solar Log 2000 Firmware

Solar Log 500 Firmware

Solar Log 50 Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Solar Log Solar Log 250 Firmware	Before 4.2.8_117
Solar Log Solar Log 250 Firmware	From 5.0.0 to 5.1.2_156

Running on/with	Platform Versions
Solar Log Solar Log 250	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Solar Log Solar Log 300 Firmware	Before 4.2.8_117
Solar Log Solar Log 300 Firmware	From 5.0.0 to 5.1.2_156

Running on/with	Platform Versions
Solar Log Solar Log 300	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Solar Log Solar Log 800e Firmware	Before 4.2.8_117
Solar Log Solar Log 800e Firmware	From 5.0.0 to 5.1.2_156

Running on/with	Platform Versions
Solar Log Solar Log 800e	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Solar Log Solar Log 1000 Firmware	Before 4.2.8_117
Solar Log Solar Log 1000 Firmware	From 5.0.0 to 5.1.2_156

Running on/with	Platform Versions
Solar Log Solar Log 1000	All versions

Configuration F

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Solar Log Solar Log 1000 Pm+ Firmware	Before 4.2.8_117
Solar Log Solar Log 1000 Pm+ Firmware	From 5.0.0 to 5.1.2_156

Running on/with	Platform Versions
Solar Log Solar Log 1000 Pm+	All versions

Configuration G

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Solar Log Solar Log 1200 Firmware	Before 4.2.8_117
Solar Log Solar Log 1200 Firmware	From 5.0.0 to 5.1.2_156

Running on/with	Platform Versions
Solar Log Solar Log 1200	All versions

Configuration H

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Solar Log Solar Log 2000 Firmware	Before 4.2.8_117
Solar Log Solar Log 2000 Firmware	From 5.0.0 to 5.1.2_156

Running on/with	Platform Versions
Solar Log Solar Log 2000	All versions

Configuration I

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Solar Log Solar Log 500 Firmware	Before 4.2.8_117
Solar Log Solar Log 500 Firmware	From 5.0.0 to 5.1.2_156

Running on/with	Platform Versions
Solar Log Solar Log 500	All versions

Configuration J

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Solar Log Solar Log 50 Firmware	Before 4.2.8_117
Solar Log Solar Log 50 Firmware	From 5.0.0 to 5.1.2_156

Running on/with	Platform Versions
Solar Log Solar Log 50	All versions

Related CWEs

CWE-912

Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

References (4)

https://www.solar-log.com/en/support/firmware-database-1

Source: cve@mitre.org

Vendor Advisory

https://www.swascan.com/security-advisory-solar-log/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.solar-log.com/en/support/firmware-database-1

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.swascan.com/security-advisory-solar-log/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.