Vulnerabilities (CVE)

Filtered by vendor Contec Subscribe
Filtered by product Fxa3000
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-36159 1 Contec 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more 2024-11-21 N/A 8.8 HIGH
Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port then sniff the traffic or inject any malware.
CVE-2022-36158 1 Contec 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more 2024-11-21 N/A 8.0 HIGH
Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi).