CVE-2022-3027

MEDIUM Year: 2022
CVSS v3 Score
5.7
Medium
Weakness Type
CWE-284
View all →

Vulnerability Description

The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information.

Related Vulnerabilities

CVE-2016-3060

MEDIUM
CVSS:5.7(Medium)

Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote auth...

CWE-2842016

CVE-2019-11894

MEDIUM
CVSS:5.7(Medium)

A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In order ...

CWE-2842019

CVE-2021-24752

MEDIUM
CVSS:5.7(Medium)

Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essent...

CWE-2842021

CVE-2023-25150

MEDIUM
CVSS:5.7(Medium)

Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permissio...

CWE-2842023

CVE-2024-11358

MEDIUM
CVSS:5.7(Medium)

Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider.

CWE-2842024