CVE-2022-47037

Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials.
References
Link Resource
https://semaja2.net/2023/06/11/siklu-tg-auth-bypass.html Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:h:siklu:tg_lr_t280:-:*:*:*:*:*:*:*
cpe:2.3:h:siklu:tg_mpl-261:-:*:*:*:*:*:*:*
cpe:2.3:h:siklu:tg_n265:-:*:*:*:*:*:*:*
cpe:2.3:h:siklu:tg_n366:-:*:*:*:*:*:*:*
cpe:2.3:h:siklu:tg_n367:-:*:*:*:*:*:*:*
cpe:2.3:h:siklu:tg_t260:-:*:*:*:*:*:*:*
cpe:2.3:h:siklu:tg_t261:-:*:*:*:*:*:*:*
cpe:2.3:h:siklu:tg_t265:-:*:*:*:*:*:*:*
cpe:2.3:o:siklu:tg_firmware:*:*:*:*:*:*:*:*

History

01 Aug 2024, 13:43

Type Values Removed Values Added
CWE CWE-284

08 Apr 2024, 22:38

Type Values Removed Values Added
CPE cpe:2.3:o:siklu:tg_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siklu:tg_n366:-:*:*:*:*:*:*:*
cpe:2.3:h:siklu:tg_t265:-:*:*:*:*:*:*:*
cpe:2.3:h:siklu:tg_lr_t280:-:*:*:*:*:*:*:*
cpe:2.3:h:siklu:tg_t261:-:*:*:*:*:*:*:*
cpe:2.3:h:siklu:tg_n265:-:*:*:*:*:*:*:*
cpe:2.3:h:siklu:tg_mpl-261:-:*:*:*:*:*:*:*
cpe:2.3:h:siklu:tg_t260:-:*:*:*:*:*:*:*
cpe:2.3:h:siklu:tg_n367:-:*:*:*:*:*:*:*
CWE CWE-522
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
First Time Siklu tg N265
Siklu tg T260
Siklu tg Mpl-261
Siklu tg T261
Siklu tg Firmware
Siklu tg N366
Siklu tg Lr T280
Siklu tg T265
Siklu tg N367
Siklu
References () https://semaja2.net/2023/06/11/siklu-tg-auth-bypass.html - () https://semaja2.net/2023/06/11/siklu-tg-auth-bypass.html - Exploit, Third Party Advisory
Summary
  • (es) Los dispositivos Siklu TG Terragraph anteriores a 2.1.1 permiten a los atacantes descubrir credenciales válidas generadas aleatoriamente a través de GetCredentials.

18 Mar 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-18 03:15

Updated : 2024-08-01 13:43


NVD link : CVE-2022-47037

Mitre link : CVE-2022-47037

CVE.ORG link : CVE-2022-47037


JSON object : View

Products Affected

siklu

  • tg_n367
  • tg_t261
  • tg_lr_t280
  • tg_t265
  • tg_firmware
  • tg_n366
  • tg_t260
  • tg_mpl-261
  • tg_n265
CWE
CWE-522

Insufficiently Protected Credentials

CWE-284

Improper Access Control