Sign-up

ID

VAR-202210-1016


CVE

CVE-2022-34845


TITLE

robustel  of  r1510  Insufficient validation of data authenticity in firmware vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-019846

DESCRIPTION

A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. robustel of r1510 Firmware contains insufficient validation of data authenticity.Information may be tampered with

Trust: 1.62

sources: NVD: CVE-2022-34845 // JVNDB: JVNDB-2022-019846

AFFECTED PRODUCTS

vendor:robustelmodel:r1510scope:eqversion:3.1.16

Trust: 1.0

vendor:robustelmodel:r1510scope:eqversion:3.3.0

Trust: 1.0

vendor:robustelmodel:r1510scope: - version: -

Trust: 0.8

vendor:robustelmodel:r1510scope:eqversion: -

Trust: 0.8

vendor:robustelmodel:r1510scope:eqversion:r1510 firmware 3.3.0

Trust: 0.8

vendor:robustelmodel:r1510scope:eqversion:r1510 firmware 3.1.16

Trust: 0.8

sources: JVNDB: JVNDB-2022-019846 // NVD: CVE-2022-34845

CVSS

SEVERITY

CVSSV2

CVSSV3

talos-cna@cisco.com: CVE-2022-34845
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2022-34845
value: LOW

Trust: 1.0

NVD: CVE-2022-34845
value: LOW

Trust: 0.8

CNNVD: CNNVD-202210-1029
value: LOW

Trust: 0.6

talos-cna@cisco.com: CVE-2022-34845
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.5
version: 3.0

Trust: 1.0

nvd@nist.gov: CVE-2022-34845
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-34845
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019846 // CNNVD: CNNVD-202210-1029 // NVD: CVE-2022-34845 // NVD: CVE-2022-34845

PROBLEMTYPE DATA

problemtype:CWE-345

Trust: 1.0

problemtype:Inadequate verification of data reliability (CWE-345) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-019846 // NVD: CVE-2022-34845

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-1029

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202210-1029

PATCH

title:Robustel R1510 Repair measures for data forgery problem vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=212080

Trust: 0.6

sources: CNNVD: CNNVD-202210-1029

EXTERNAL IDS

db:NVDid:CVE-2022-34845

Trust: 3.2

db:TALOSid:TALOS-2022-1580

Trust: 2.4

db:JVNDBid:JVNDB-2022-019846

Trust: 0.8

db:CNNVDid:CNNVD-202210-1029

Trust: 0.6

sources: JVNDB: JVNDB-2022-019846 // CNNVD: CNNVD-202210-1029 // NVD: CVE-2022-34845

REFERENCES

url:https://talosintelligence.com/vulnerability_reports/talos-2022-1580

Trust: 3.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-34845

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2022-34845/

Trust: 0.6

sources: JVNDB: JVNDB-2022-019846 // CNNVD: CNNVD-202210-1029 // NVD: CVE-2022-34845

CREDITS

Discovered by Francesco Benvenuto of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-202210-1029

SOURCES

db:JVNDBid:JVNDB-2022-019846
db:CNNVDid:CNNVD-202210-1029
db:NVDid:CVE-2022-34845

LAST UPDATE DATE

2024-08-14T13:42:19.488000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-019846date:2023-10-27T08:14:00
db:CNNVDid:CNNVD-202210-1029date:2022-10-27T00:00:00
db:NVDid:CVE-2022-34845date:2022-10-26T03:24:41.727

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-019846date:2023-10-27T00:00:00
db:CNNVDid:CNNVD-202210-1029date:2022-10-14T00:00:00
db:NVDid:CVE-2022-34845date:2022-10-25T17:15:53.563