Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-31211 | 1 Infiray | 2 Iray-a8z3, Iray-a8z3 Firmware | 2022-07-24 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default. | |||||
CVE-2022-31210 | 1 Infiray | 2 Iray-a8z3, Iray-a8z3 Firmware | 2022-07-24 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts. | |||||
CVE-2022-31209 | 1 Infiray | 2 Iray-a8z3, Iray-a8z3 Firmware | 2022-07-24 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand. | |||||
CVE-2022-31208 | 1 Infiray | 2 Iray-a8z3, Iray-a8z3 Firmware | 2022-07-24 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter. |