CVE-2022-29730

{"id": "CVE-2022-29730", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-06-02T14:15:50.827", "references": [{"url": "https://www.pusr.com/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5705.php", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.pusr.com/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5705.php", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device."}, {"lang": "es", "value": "Se ha detectado que USR IOT 4G LTE Industrial Cellular VPN Router versi\u00f3n v1.0.36, contiene credenciales embebidas para su cuenta con altos privilegios. Las credenciales no pueden ser alteradas mediante el funcionamiento normal del dispositivo"}], "lastModified": "2024-11-21T06:59:37.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:usr:usr-g808_firmware:1.0.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E946659-3111-4135-AE90-5ADF3D3D4054"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:usr:usr-g808:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3C9804B3-C0EE-446F-BD01-EB5C4274987F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:usr:usr-g807_firmware:1.0.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A95D603-40C5-49FE-8799-5659FECE484B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:usr:usr-g807:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97EBE7AA-CB8B-453A-9F04-B3978379E96D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:usr:usr-g806_firmware:1.0.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD74A5AB-4B53-4CF0-961A-5BCF61710E22"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:usr:usr-g806:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C56BCFF2-3F02-4DB6-9DC1-575C7E6A7E77"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:usr:usr-g800v2_firmware:1.0.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80410C48-C017-4139-933A-45B495952550"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:usr:usr-g800v2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C1861FD4-AB43-44CD-A79B-3CD0B3D52C37"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:usr:usr-lg220-l_firmware:1.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AB23F5C-0C80-4068-976D-9B36A61A5E47"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:usr:usr-lg220-l:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "172C94BB-112C-4AB9-A7C4-F766993F839E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}