How severe is CVE-2021-22708?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2021-22708?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2021-22708 - HIGH Severity | CVSS 7.2

Vulnerability Description

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism.

Related Vulnerabilities

CVE-2020-26122

HIGH

CVSS:7.2(High)

Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller (BMC) program of INSPUR server is weak in check...

CWE-3472020

CVE-2020-9047

HIGH

CVSS:7.2(High)

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterpri...

CWE-3472020

CVE-2021-22734

HIGH

CVSS:7.2(High)

Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthori...

CWE-3472021

CVE-2021-22735

HIGH

CVSS:7.2(High)

Improper Verification of Cryptographic Signature vulnerability exists inhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied ...

CWE-3472021

CVE-2021-32977

HIGH

CVSS:7.2(High)

AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptographic signature for data.

CWE-3472021

CVE-2021-34715

HIGH

CVSS:7.2(High)

A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with...

CWE-3472021