CVE-2022-36159
Severity CVSS v4.0:
Pending analysis
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
26/09/2022
Last modified:
21/05/2025
Description
Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port then sniff the traffic or inject any malware.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:contec:fxa3000_firmware:*:*:*:*:*:*:*:* | 1.13.00 (including) | |
| cpe:2.3:h:contec:fxa3000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:contec:fxa3020_firmware:*:*:*:*:*:*:*:* | 1.13.00 (including) | |
| cpe:2.3:h:contec:fxa3020:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:contec:fxa3200_firmware:*:*:*:*:*:*:*:* | 1.13.00 (including) | |
| cpe:2.3:h:contec:fxa3200:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:contec:fxa2000_firmware:*:*:*:*:*:*:*:* | 1.39.00 (excluding) | |
| cpe:2.3:h:contec:fxa2000:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://gist.github.com/Nwqda/aac33d1936d2b514a3268f145345abb4
- https://jvn.jp/en/vu/JVNVU98305100/
- https://samy.link/blog/contec-flexlan-fxa2000-and-fxa3000-series-vulnerability-repo
- https://www.contec.com/products-services/computer-networking/flexlan-fx/fx-accesspoint/fxa3200/feature/#section
- https://gist.github.com/Nwqda/aac33d1936d2b514a3268f145345abb4
- https://jvn.jp/en/vu/JVNVU98305100/
- https://samy.link/blog/contec-flexlan-fxa2000-and-fxa3000-series-vulnerability-repo
- https://www.contec.com/products-services/computer-networking/flexlan-fx/fx-accesspoint/fxa3200/feature/#section