CVE-2022-28113

High

An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without…

mitre·CWE-565·Published 2022-04-15

CVSS

7.2

EPSS

0.04

KEV

Exploits

cve.orgen

167 chars

An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie.

NVDen

167 chars

An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie.

Un problema en el archivo upload.csp de FANTEC GmbH MWiD25-DS Firmware versión v2.000.030, permite a atacantes escribir archivos y restablecer las contraseñas de los usuarios sin tener una cookie de sesión válida

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	9.0	8.0	10.0	AV:N/AC:L/Au:S/C:C/I:C/A:C
3.1	Primary	NVD	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H