Sign-up

ID

VAR-202207-0241


CVE

CVE-2022-34598


TITLE

H3C  of  magic r100  Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-012736

DESCRIPTION

The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 port opened, allowing attackers to execute arbitrary commands. H3C of magic r100 There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-34598 // JVNDB: JVNDB-2022-012736 // VULMON: CVE-2022-34598

AFFECTED PRODUCTS

vendor:h3cmodel:magic r100scope:eqversion:v200r004

Trust: 1.0

vendor:h3cmodel:magic r100scope:eqversion:v100r005

Trust: 1.0

vendor:h3cmodel:magic r100scope:eqversion: -

Trust: 0.8

vendor:h3cmodel:magic r100scope: - version: -

Trust: 0.8

vendor:h3cmodel:magic r100scope:eqversion:magic r100 firmware v100r005

Trust: 0.8

vendor:h3cmodel:magic r100scope:eqversion:magic r100 firmware v200r004

Trust: 0.8

sources: JVNDB: JVNDB-2022-012736 // NVD: CVE-2022-34598

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-34598
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-34598
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202207-481
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-34598
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-34598
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2022-34598
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-34598
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2022-34598 // JVNDB: JVNDB-2022-012736 // CNNVD: CNNVD-202207-481 // NVD: CVE-2022-34598

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-012736 // NVD: CVE-2022-34598

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-481

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-481

EXTERNAL IDS

db:NVDid:CVE-2022-34598

Trust: 3.3

db:JVNDBid:JVNDB-2022-012736

Trust: 0.8

db:CNNVDid:CNNVD-202207-481

Trust: 0.6

db:VULMONid:CVE-2022-34598

Trust: 0.1

sources: VULMON: CVE-2022-34598 // JVNDB: JVNDB-2022-012736 // CNNVD: CNNVD-202207-481 // NVD: CVE-2022-34598

REFERENCES

url:https://github.com/zhefox/iot_vul/tree/main/h3c/h3cr100/1

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-34598

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-34598/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-34598 // JVNDB: JVNDB-2022-012736 // CNNVD: CNNVD-202207-481 // NVD: CVE-2022-34598

SOURCES

db:VULMONid:CVE-2022-34598
db:JVNDBid:JVNDB-2022-012736
db:CNNVDid:CNNVD-202207-481
db:NVDid:CVE-2022-34598

LAST UPDATE DATE

2024-08-14T14:02:31.414000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-34598date:2022-07-14T00:00:00
db:JVNDBid:JVNDB-2022-012736date:2023-09-01T08:14:00
db:CNNVDid:CNNVD-202207-481date:2022-07-15T00:00:00
db:NVDid:CVE-2022-34598date:2022-07-14T12:23:32.293

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-34598date:2022-07-06T00:00:00
db:JVNDBid:JVNDB-2022-012736date:2023-09-01T00:00:00
db:CNNVDid:CNNVD-202207-481date:2022-07-06T00:00:00
db:NVDid:CVE-2022-34598date:2022-07-06T17:15:08.300