CVE-2022-35572

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. This web page calls a show_sysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS Pins, and hardware/firmware versions, and prints this information into the web page. This web page is visible when remote management is enabled. A user who has access to the web interface of the device can extract these secrets. If the device has remote management enabled and is connected directly to the internet, this vulnerability is exploitable over the internet without interaction.

En el router WiFi Linksys E5350 con la versión de firmware 1.0.00.037 y anteriores, (y potencialmente en otros vendedores/dispositivos debido a un reúso del código), el URI /SysInfo.htm no requiere un ID de sesión. Esta página web llama a una función show_sysinfo que recupera las contraseñas WPA, los SSID, las direcciones MAC, los números de serie, los pines WPS y las versiones de hardware/firmware, e imprime esta información en la página web. Esta página web es visible cuando la administración remota está habilitada. Un usuario que tenga acceso a la interfaz web del dispositivo puede extraer estos secretos. Si el dispositivo presenta habilitada la administración remota y está conectado directamente a Internet, esta vulnerabilidad es explotable a través de Internet sin interacción

*Credits: N/A

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-07-11 CVE Reserved
2022-09-12 CVE Published
2024-04-04 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-306: Missing Authentication for Critical Function

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC
https://willgu.es/?p=76	2024-08-03

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linksys Search vendor "Linksys"	E5350 Firmware Search vendor "Linksys" for product "E5350 Firmware"	<= 1.0.00.037 Search vendor "Linksys" for product "E5350 Firmware" and version " <= 1.0.00.037"	-	Affected	in	Linksys Search vendor "Linksys"	E5350 Search vendor "Linksys" for product "E5350"	-	-	Safe