CVE-2022-36306

MEDIUM Year: 2022
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-219
View all →

Vulnerability Description

An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still present in 15.18.00.2511, and may affect other AirVelocity and AirSpeed models.

Related Vulnerabilities

CVE-2024-39776

HIGH
CVSS:7.5(High)

Avtec Outpost stores sensitive information in an insecure location without proper access controls in place.

CWE-2192024

CVE-2002-2024

MEDIUM
CVSS:5.3(Medium)

Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_...

CWE-2192002

CVE-2023-39467

MEDIUM
CVSS:5.3(Medium)

Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trian...

CWE-2192023

CVE-2022-21236

HIGH
CVSS:8.1(High)

An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive ...

CWE-2192022

CVE-2022-21236

HIGH
CVSS:8.1(High)

An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive ...

CWE-2192022

CVE-2024-39776

HIGH
CVSS:7.5(High)

Avtec Outpost stores sensitive information in an insecure location without proper access controls in place.

CWE-2192024