CVE-2022-35239

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file.

La página de administración de archivos de imagen de SolarView Compact SV-CPT-MC310 Versiones 7.23 y anteriores, y SV-CPT-MC310F Versiones 7.23 y anteriores, contiene una vulnerabilidad de verificación insuficiente cuando son cargados archivos. Si es explotada esta vulnerabilidad, puede ejecutarse código PHP arbitrario si un atacante remoto autenticado carga un archivo PHP especialmente diseñado.

*Credits: N/A

CVSS Scores

NISTv3.1 8.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-07-21 CVE Reserved
2022-08-16 CVE Published
2024-07-02 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (3)

URL	Tag	Source
https://jvn.jp/en/vu/JVNVU93696585	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.contec.com/jp/api/downloadlogger?download=/jp/-/media/Contec/jp/support/security-info/contec_security_solarview_220727.pdf	2022-08-18
https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware	2022-08-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Contec Search vendor "Contec"	Sv-cpt-mc310f Firmware Search vendor "Contec" for product "Sv-cpt-mc310f Firmware"	< 7.24 Search vendor "Contec" for product "Sv-cpt-mc310f Firmware" and version " < 7.24"	-	Affected	in	Contec Search vendor "Contec"	Sv-cpt-mc310f Search vendor "Contec" for product "Sv-cpt-mc310f"	-	-	Safe
Contec Search vendor "Contec"	Sv-cpt-mc310 Firmware Search vendor "Contec" for product "Sv-cpt-mc310 Firmware"	< 7.24 Search vendor "Contec" for product "Sv-cpt-mc310 Firmware" and version " < 7.24"	-	Affected	in	Contec Search vendor "Contec"	Sv-cpt-mc310 Search vendor "Contec" for product "Sv-cpt-mc310"	-	-	Safe