How severe is CVE-2022-1039?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2022-1039?

This is classified as CWE-521, which is a common weakness in software security.

CVE-2022-1039 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the SSH service does not support root login, a user logging in using either of the other Linux accounts may elevate to root access using the su command if they have access to the associated password.

Related Vulnerabilities

CVE-2017-1196

CRITICAL

CVSS:9.8(Critical)

IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: ...

CWE-5212017

CVE-2017-1221

CRITICAL

CVSS:9.8(Critical)

IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force I...

CWE-5212017

CVE-2017-12861

CRITICAL

CVSS:9.8(Critical)

The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only th...

CWE-5212017

CVE-2017-14189

CRITICAL

CVSS:9.8(Critical)

An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password.

CWE-5212017

CVE-2017-1601

CRITICAL

CVSS:9.8(Critical)

IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compro...

CWE-5212017

CVE-2017-18857

CRITICAL

CVSS:9.8(Critical)

The NETGEAR Insight application before 2.42 for Android and iOS is affected by password mismanagement.

CWE-5212017