Infiray

infiray

4 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Iray A8z3 Firmware

iray-a8z3_firmware

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-31211 1Infiray 1Iray A8z3 Firmware Jun 17, 2026 Jul 17, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default.
CVE-2022-31210 1Infiray 1Iray A8z3 Firmware Jun 17, 2026 Jul 17, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have t...Show more An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts.Show less
CVE-2022-31209 1Infiray 1Iray A8z3 Firmware Jun 17, 2026 Jul 17, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand.
CVE-2022-31208 1Infiray 1Iray A8z3 Firmware Jun 17, 2026 Jul 17, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter.