CVE-2022-36604

An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and below allows unauthenticated attackers to arbitrarily change user passwords via a crafted POST request.

CVSS v3.0 7.5 HIGH

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:canaan:avalon_asic_miner_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canaan:avalon_asic_miner:-:*:*:*:*:*:*:*

Information

Published : 2022-09-01 14:15

Updated : 2022-09-08 09:57

NVD link : CVE-2022-36604

Mitre link : CVE-2022-36604

JSON object : View

CWE

CWE-306

Missing Authentication for Critical Function

Products Affected

canaan

avalon_asic_miner
avalon_asic_miner_firmware

7.5 /10