Details of VAR-202207-1591

ID

VAR-202207-1591

CVE

CVE-2022-24660

TITLE

goldshell of goldshell miner Vulnerability related to plaintext storage of important information in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-013588

DESCRIPTION

The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext. goldshell of goldshell miner The firmware contains a vulnerability related to plaintext storage of sensitive information.Information may be obtained

Trust: 1.8

sources: NVD: CVE-2022-24660 // JVNDB: JVNDB-2022-013588 // VULHUB: VHN-414394 // VULMON: CVE-2022-24660

AFFECTED PRODUCTS

vendor:	goldshell	model:	miner	scope:	lte	version:	2.2.1	Trust: 1.0
vendor:	goldshell	model:	miner	scope:	-	version:	-	Trust: 0.8
vendor:	goldshell	model:	miner	scope:	eq	version:	-	Trust: 0.8
vendor:	goldshell	model:	miner	scope:	lte	version:	goldshell miner firmware 2.2.1 and earlier	Trust: 0.8

sources: JVNDB: JVNDB-2022-013588 // NVD: CVE-2022-24660

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-24660
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-24660
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202207-2000
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-24660
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-24660
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-013588 // CNNVD: CNNVD-202207-2000 // NVD: CVE-2022-24660

PROBLEMTYPE DATA

problemtype:	CWE-312	Trust: 1.1
problemtype:	Plaintext storage of important information (CWE-312) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-414394 // JVNDB: JVNDB-2022-013588 // NVD: CVE-2022-24660

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-2000

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-2000

PATCH

title:

Goldshell ASIC Miners Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201694

Trust: 0.6

sources: CNNVD: CNNVD-202207-2000

EXTERNAL IDS

db:	NVD	id:	CVE-2022-24660	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-013588	Trust: 0.8
db:	CNNVD	id:	CNNVD-202207-2000	Trust: 0.6
db:	VULHUB	id:	VHN-414394	Trust: 0.1
db:	VULMON	id:	CVE-2022-24660	Trust: 0.1

sources: VULHUB: VHN-414394 // VULMON: CVE-2022-24660 // JVNDB: JVNDB-2022-013588 // CNNVD: CNNVD-202207-2000 // NVD: CVE-2022-24660

REFERENCES

url:	https://github.com/goldshellminer/firmware	Trust: 2.6
url:	https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24660	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-24660/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-414394 // VULMON: CVE-2022-24660 // JVNDB: JVNDB-2022-013588 // CNNVD: CNNVD-202207-2000 // NVD: CVE-2022-24660

SOURCES

db:	VULHUB	id:	VHN-414394
db:	VULMON	id:	CVE-2022-24660
db:	JVNDB	id:	JVNDB-2022-013588
db:	CNNVD	id:	CNNVD-202207-2000
db:	NVD	id:	CVE-2022-24660

LAST UPDATE DATE

2024-08-14T15:37:30.137000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-414394	date:	2022-07-27T00:00:00
db:	VULMON	id:	CVE-2022-24660	date:	2022-07-20T00:00:00
db:	JVNDB	id:	JVNDB-2022-013588	date:	2023-09-08T08:29:00
db:	CNNVD	id:	CNNVD-202207-2000	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2022-24660	date:	2022-07-27T22:03:45.903

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-414394	date:	2022-07-20T00:00:00
db:	VULMON	id:	CVE-2022-24660	date:	2022-07-20T00:00:00
db:	JVNDB	id:	JVNDB-2022-013588	date:	2023-09-08T00:00:00
db:	CNNVD	id:	CNNVD-202207-2000	date:	2022-07-20T00:00:00
db:	NVD	id:	CVE-2022-24660	date:	2022-07-20T13:15:08.383