CVE-2022-26516

Severity CVSS v4.0:
Pending analysis
Type:
CWE-345 Insufficient Verification of Data Authenticity
Publication date:
20/04/2022
Last modified:
29/04/2022

Description

Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:redlion:da50n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:redlion:da50n:-:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools