CVE-2022-32985
Severity CVSS v4.0:
Pending analysis
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
17/07/2022
Last modified:
25/07/2022
Description
libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:nexans:gigaswitch_641_desk_v5_sfp-vi_firmware:*:*:*:*:*:*:*:* | 6.02n (excluding) | |
| cpe:2.3:o:nexans:gigaswitch_641_desk_v5_sfp-vi_firmware:*:*:*:*:*:*:*:* | 7.0 (including) | 7.02 (excluding) |
| cpe:2.3:h:nexans:gigaswitch_641_desk_v5_sfp-vi:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nexans:gigaswitch_642_desk_v5_sfp-2vi_firmware:*:*:*:*:*:*:*:* | 6.02n (excluding) | |
| cpe:2.3:o:nexans:gigaswitch_642_desk_v5_sfp-2vi_firmware:*:*:*:*:*:*:*:* | 7.0 (including) | 7.02 (excluding) |
| cpe:2.3:h:nexans:gigaswitch_642_desk_v5_sfp-2vi:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nexans:gigaswitch_v5_2tp\(pd-f\+\)_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:* | 6.02n (excluding) | |
| cpe:2.3:o:nexans:gigaswitch_v5_2tp\(pd-f\+\)_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:* | 7.0 (including) | 7.02 (excluding) |
| cpe:2.3:h:nexans:gigaswitch_v5_2tp\(pd-f\+\)_sfp-vi_54vdc:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nexans:gigaswitch_v5_2tp\(pse\+\)_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:* | 6.02n (excluding) | |
| cpe:2.3:o:nexans:gigaswitch_v5_2tp\(pse\+\)_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:* | 7.0 (including) | 7.02 (excluding) |
| cpe:2.3:h:nexans:gigaswitch_v5_2tp\(pse\+\)_sfp-vi_54vdc:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nexans:gigaswitch_v5_2tp_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:* | 6.02n (excluding) | |
| cpe:2.3:o:nexans:gigaswitch_v5_2tp_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:* | 7.0 (including) | 7.02 (excluding) |
| cpe:2.3:h:nexans:gigaswitch_v5_2tp_sfp-vi_54vdc:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page