Hidden Functionality

CVE-2022-3203

High

9.8/10

Summary

On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-912 - Hidden Functionality

The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software's users or administrators.

References

Advisory Timeline

Published Oct 21, 2022

Hidden Functionality

CVE-2022-3203

Summary

CWE-912 - Hidden Functionality

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS