CVE-2022-37680

HIGH Year: 2022
CVSS v3 Score
7.5
High
Weakness Type
CWE-306
View all →

Vulnerability Description

An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and bellow allows attckers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue.

Related Vulnerabilities

CVE-2002-1810

HIGH
CVSS:7.5(High)

D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the admin...

CWE-3062002

CVE-2011-4322

HIGH
CVSS:7.5(High)

websitebaker prior to and including 2.8.1 has an authentication error in backup module.

CWE-3062011

CVE-2013-1793

HIGH
CVSS:7.5(High)

openstack-utils openstack-db has insecure password creation

CWE-3062013

CVE-2015-5201

HIGH
CVSS:7.5(High)

VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3....

CWE-3062015

CVE-2016-6544

HIGH
CVSS:7.5(High)

getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device.

CWE-3062016

CVE-2017-0919

HIGH
CVSS:7.5(High)

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform...

CWE-3062017