IRAY-A8Z3
by Infiray
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-31211 | Cri | 0.64 | 9.8 | 0.01 | Jul 17, 2022 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default. | ||
| CVE-2022-31210 | Cri | 0.64 | 9.8 | 0.01 | Jul 17, 2022 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor… | ||
| CVE-2022-31209 | Cri | 0.64 | 9.8 | 0.01 | Jul 17, 2022 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand. | ||
| CVE-2022-31208 | Hig | 0.57 | 8.8 | 0.01 | Jul 17, 2022 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter. |
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor…
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter.