CVE-2022-47767
Description
A hidden web-panel backdoor in Solar-Log Gateway firmware (v4.2.7 to v5.1.1) allows unauthenticated attackers to gain super-admin privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A hidden web-panel backdoor in Solar-Log Gateway firmware (v4.2.7 to v5.1.1) allows unauthenticated attackers to gain super-admin privileges.
Vulnerability
A backdoor exists in the slcore component of Solar-Log Gateway products, present in firmware versions v4.2.7 up to and including v5.1.1 [1]. This hidden functionality allows remote access via the web panel, bypassing authentication and granting super-administrator privileges. Devices running these firmware versions are affected, including the Solar-Log 50 Gateway, Solar-Log 250, 300, 1200, 1900, 2000, and Solar-Log Base. The SL 200, 500, and 1000 models are not affected [1].
Exploitation
An attacker with network access to the device’s web panel can exploit this vulnerability without any prior authentication or user interaction [1]. The attack vector is network-based, requires no privileges, and no special configuration beyond having an affected firmware version. The exact sequence of steps is not publicly detailed, but the backdoor provides direct entry to the administrative panel with full super-administrator rights [1].
Impact
Successful exploitation results in complete compromise of the device: the attacker gains super-administrator privileges, leading to full control over the gateway [1]. This can include reading sensitive data, modifying device configuration, and potentially using the device as a pivot for further network attacks. The CVSSv3.1 score is 9.8 (Critical) with confidentiality, integrity, and availability impacts all rated as High [1].
Mitigation
Solar-Log released fixed firmware versions for the affected models: version 4.2.8_117 (dated 30 May 2022) for Solar-Log 250, 300, 1200, 2000, and Solar-Log 50 Gateway; and version 5.1.2_157 (dated 6 July 2023) for Solar-Log Base devices [1][2]. A later version 6.0.x/6.1.x is also available for Base units [2]. Users should update immediately from the Solar-Log firmware download page. No workaround is documented; the only mitigation is applying the patched firmware [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Solar-Log/Solar-Log Gatewaydescription
- Range: >=4.2.7 <=5.1.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"A hidden backdoor in Solar-Log Gateway firmware allows password generation from the publicly visible device serial number, granting super-administrator access [CWE-912]."
Attack vector
An attacker can view the device serial number and current date/time on the public login page of any Solar-Log device. Using this known information, the attacker can generate valid passwords that grant super-administrator privileges, bypassing normal authentication [ref_id=1]. The vulnerability affects Solar-Log firmware versions v4.2.7 through v5.1.1 (included) [ref_id=1].
Affected code
The advisory does not specify exact file paths or functions. It identifies that the serial number of the device (e.g., 547870007) is stored in the OCOTP register and exposed in the login page of every Solar-Log device. This serial number is used to generate passwords that grant super-administrator access [ref_id=1].
What the fix does
The advisory does not include a patch diff. The vendor's remediation plan involved firmware updates: version 4.2.8 for SL 250, 300, 1200, 2000, and SL 50 Gateway, and versions 5.1.2/6.0.0 for SL Base. The fix removes the hidden backdoor functionality that allowed password generation from the serial number [ref_id=1].
Preconditions
- configThe target Solar-Log device must be running a vulnerable firmware version (v4.2.7 through v5.1.1)
- networkThe device login page must be publicly accessible over the network
- authNo authentication is required to view the serial number and time on the login page
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2News mentions
0No linked articles in our index yet.