CVE-2022-29730

USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device.
References
Link Resource
https://www.pusr.com/ Vendor Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5705.php Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:usr:usr-g808_firmware:1.0.36:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-g808:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:usr:usr-g807_firmware:1.0.36:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-g807:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:usr:usr-g806_firmware:1.0.36:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-g806:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:usr:usr-g800v2_firmware:1.0.36:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-g800v2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:usr:usr-lg220-l_firmware:1.2.7:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-lg220-l:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-06-02 14:15

Updated : 2024-02-28 19:09


NVD link : CVE-2022-29730

Mitre link : CVE-2022-29730

CVE.ORG link : CVE-2022-29730


JSON object : View

Products Affected

usr

  • usr-g807
  • usr-g808_firmware
  • usr-g808
  • usr-g806_firmware
  • usr-lg220-l
  • usr-g800v2
  • usr-g807_firmware
  • usr-lg220-l_firmware
  • usr-g806
  • usr-g800v2_firmware
CWE
CWE-798

Use of Hard-coded Credentials