VYPR

IRAY-A8Z3

by Infiray

CVEs (4)

  • CVE-2022-31211CriJul 17, 2022
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default.

  • CVE-2022-31210CriJul 17, 2022
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor…

  • CVE-2022-31209CriJul 17, 2022
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand.

  • CVE-2022-31208HigJul 17, 2022
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter.