Details of VAR-202205-2163

ID

VAR-202205-2163

TITLE

Sundray Standard POE Switch Exists Arbitrary File Read Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-38268

DESCRIPTION

Shenzhen Sunray Network Technology Co., Ltd. is a wholly-owned subsidiary of Sangfor Group, a next-generation enterprise-level wireless, IoT and switch solutions manufacturer. Sundray's standard POE switch has an arbitrary file reading vulnerability, and attackers can use this vulnerability to read sensitive files, sensitive information, etc.

Trust: 0.6

sources: CNVD: CNVD-2022-38268

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-38268

AFFECTED PRODUCTS

vendor:

sunray network

model:

standard poe switch

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2022-38268

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2022-38268
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2022-38268
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2022-38268

PATCH

title:

Patch for Sundray Standard POE Switch Exists Arbitrary File Read Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/332931

Trust: 0.6

sources: CNVD: CNVD-2022-38268

EXTERNAL IDS

db:

CNVD

id:

CNVD-2022-38268

Trust: 0.6

sources: CNVD: CNVD-2022-38268

SOURCES

db:

CNVD

id:

CNVD-2022-38268

LAST UPDATE DATE

2023-11-21T05:22:04.325000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2022-38268

date:

2022-05-19T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2022-38268

date:

2022-05-08T00:00:00