CVE-2022-40055

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page.

Un problema en GX Group GPON ONT Titanium 2122A versión T2122-V1.26EXL, permite a atacantes escalar privilegios por medio de un ataque de fuerza bruta en la página de inicio de sesión

*Credits: N/A

CVSS Scores

NISTv3.1 9.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-09-06 CVE Reserved
2022-10-17 CVE Published
2024-06-07 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-307: Improper Restriction of Excessive Authentication Attempts

CAPEC

References (3)

URL	Tag	Source
http://gpon.com	Not Applicable
http://gx.com	Broken Link
https://blog.alphathreat.in/index.php?post/2022/10/01/Achieving-CVE-2022-40055	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gxgroup Search vendor "Gxgroup"	Gpon Ont Titanium 2122a Firmware Search vendor "Gxgroup" for product "Gpon Ont Titanium 2122a Firmware"	t2122-v1.26exl Search vendor "Gxgroup" for product "Gpon Ont Titanium 2122a Firmware" and version "t2122-v1.26exl"	-	Affected	in	Gxgroup Search vendor "Gxgroup"	Gpon Ont Titanium 2122a Search vendor "Gxgroup" for product "Gpon Ont Titanium 2122a"	c40-210 Search vendor "Gxgroup" for product "Gpon Ont Titanium 2122a" and version "c40-210"	-	Safe