Chbg
Products
2- 6 CVEs
- 1 CVE
Recent CVEs
7| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2004-1264 | 0.05 | — | 0.26 | Jan 10, 2005 | Buffer overflow in the simplify_path function in config.c for ChBg 1.5 allows remote attackers to execute arbitrary code via a crafted chbg scenario file. | ||
| CVE-2022-30623 | 0.00 | — | 0.00 | Jul 18, 2022 | The server checks the user's cookie in a non-standard way, and a value is entered in the cookie value name of the status and its value is set to true to bypass the identification with the system using a username and password. | ||
| CVE-2022-30625 | 0.00 | — | 0.00 | Jul 18, 2022 | Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible. | ||
| CVE-2022-30626 | 0.00 | — | 0.00 | Jul 18, 2022 | Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the name of the existing access point on the component, and a password in clear text. | ||
| CVE-2022-30624 | 0.00 | — | 0.00 | Jul 18, 2022 | Browsing the admin.html page allows the user to reset the admin password. Also appears in the JS code for the password. | ||
| CVE-2022-30627 | 0.00 | — | 0.00 | Jul 18, 2022 | This vulnerability affects all of the company's products that also include the FW versions: update_i90_cv2.021_b20210104, update_i50_v1.0.55_b20200509, update_x6_v2.1.2_b202001127, update_b5_v2.0.9_b20200706. This vulnerability makes it possible to extract from the FW the existing user passwords on their operating systems and passwords. | ||
| CVE-2022-30622 | 0.00 | — | 0.00 | Jul 17, 2022 | Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sys_username_passwd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within the JS code sent to the customer within the Login.js file is a strong user (which is not documented) and also the password, which allow for super-user access. Username: chcadmin, Password: chcpassword. |
- CVE-2004-1264Jan 10, 2005risk 0.05cvss —epss 0.26
Buffer overflow in the simplify_path function in config.c for ChBg 1.5 allows remote attackers to execute arbitrary code via a crafted chbg scenario file.
- CVE-2022-30623Jul 18, 2022risk 0.00cvss —epss 0.00
The server checks the user's cookie in a non-standard way, and a value is entered in the cookie value name of the status and its value is set to true to bypass the identification with the system using a username and password.
- CVE-2022-30625Jul 18, 2022risk 0.00cvss —epss 0.00
Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible.
- CVE-2022-30626Jul 18, 2022risk 0.00cvss —epss 0.00
Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the name of the existing access point on the component, and a password in clear text.
- CVE-2022-30624Jul 18, 2022risk 0.00cvss —epss 0.00
Browsing the admin.html page allows the user to reset the admin password. Also appears in the JS code for the password.
- CVE-2022-30627Jul 18, 2022risk 0.00cvss —epss 0.00
This vulnerability affects all of the company's products that also include the FW versions: update_i90_cv2.021_b20210104, update_i50_v1.0.55_b20200509, update_x6_v2.1.2_b202001127, update_b5_v2.0.9_b20200706. This vulnerability makes it possible to extract from the FW the existing user passwords on their operating systems and passwords.
- CVE-2022-30622Jul 17, 2022risk 0.00cvss —epss 0.00
Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sys_username_passwd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within the JS code sent to the customer within the Login.js file is a strong user (which is not documented) and also the password, which allow for super-user access. Username: chcadmin, Password: chcpassword.