CVE-2022-40187

HIGH Year: 2022
CVSS v3 Score
8.0
High
Weakness Type
CWE-276
View all →

Vulnerability Description

Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property.

Related Vulnerabilities

CVE-2023-45990

HIGH
CVSS:8.0(High)

Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges.

CWE-2762023

CVE-2024-52551

HIGH
CVSS:8.0(High)

Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing atta...

CWE-2762024

CVE-2017-3209

HIGH
CVSS:8.1(High)

The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP...

CWE-2762017

CVE-2019-9579

HIGH
CVSS:8.1(High)

An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can chang...

CWE-2762019

CVE-2019-9682

HIGH
CVSS:8.1(High)

Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak securit...

CWE-2762019