ID

VAR-202209-0467


CVE

CVE-2022-38399


TITLE

Planex Holding SmaCam CS-QR10 and SmaCam Night Vision CS-QR20 Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202209-493

DESCRIPTION

Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product's specific serial connection

Trust: 0.99

sources: NVD: CVE-2022-38399 // VULMON: CVE-2022-38399

AFFECTED PRODUCTS

vendor:planexmodel:cs-qr10scope:eqversion:*

Trust: 1.0

vendor:planexmodel:cs-qr20scope:eqversion:*

Trust: 1.0

sources: NVD: CVE-2022-38399

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-38399
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202209-493
value: MEDIUM

Trust: 0.6

NVD: CVE-2022-38399
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202209-493 // NVD: CVE-2022-38399

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2022-38399

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-493

CONFIGURATIONS

sources: NVD: CVE-2022-38399

EXTERNAL IDS

db:JVNid:JVNVU90766406

Trust: 1.7

db:NVDid:CVE-2022-38399

Trust: 1.7

db:CNNVDid:CNNVD-202209-493

Trust: 0.6

db:VULMONid:CVE-2022-38399

Trust: 0.1

sources: VULMON: CVE-2022-38399 // CNNVD: CNNVD-202209-493 // NVD: CVE-2022-38399

REFERENCES

url:https://www.planex.co.jp/products/cs-qr10/index.shtml

Trust: 1.7

url:https://www.planex.co.jp/products/cs-qr20/index.shtml

Trust: 1.7

url:https://jvn.jp/en/vu/jvnvu90766406/index.html

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2022-38399/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-38399 // CNNVD: CNNVD-202209-493 // NVD: CVE-2022-38399

SOURCES

db:VULMONid:CVE-2022-38399
db:CNNVDid:CNNVD-202209-493
db:NVDid:CVE-2022-38399

LAST UPDATE DATE

2022-09-20T02:12:27.648000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-38399date:2022-09-08T00:00:00
db:CNNVDid:CNNVD-202209-493date:2022-09-16T00:00:00
db:NVDid:CVE-2022-38399date:2022-09-15T22:23:00

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-38399date:2022-09-08T00:00:00
db:CNNVDid:CNNVD-202209-493date:2022-09-08T00:00:00
db:NVDid:CVE-2022-38399date:2022-09-08T08:15:00