CVE-2022-27632
CVSS V2 Medium 6.8
CVSS V3 High 8.8
Description
Cross-site request forgery (CSRF) vulnerability in Rebooter (WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter (PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler (TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter (POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operations by having a user view a specially crafted page.
Overview
- CVE ID
- CVE-2022-27632
- Assigner
- vultures@jpcert.or.jp
- Vulnerability Status
- Analyzed
- Published Version
- 2022-05-18T15:15:10
- Last Modified Date
- 2022-06-02T15:07:42
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
AND | ||||
cpe:2.3:o:meikyo:watch_boot_nino_rpc-m2c_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:meikyo:watch_boot_nino_rpc-m2c:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:watch_boot_light_rpc-m5c_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:meikyo:watch_boot_light_rpc-m5c:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:watch_boot_l-zero_rpc-m4l_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:meikyo:watch_boot_l-zero_rpc-m4l:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:watch_boot_mini_rpc-m4h_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:meikyo:watch_boot_mini_rpc-m4h:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:watch_boot_nino_rpc-m2cs_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.00a | 1.00d |
cpe:2.3:h:meikyo:watch_boot_nino_rpc-m2cs:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:watch_boot_light_rpc-m5cs_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.00a | 1.00d |
cpe:2.3:h:meikyo:watch_boot_light_rpc-m5cs:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:watch_boot_l-zero_rpc-m4ls_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.00a | 1.20a |
cpe:2.3:h:meikyo:watch_boot_l-zero_rpc-m4ls:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:signage_rebooter_rpc-m4hsi_firmware:1.00a:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:meikyo:signage_rebooter_rpc-m4hsi:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:poe_boot_nino_poe8m2_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.00a | 1.20a |
cpe:2.3:h:meikyo:poe_boot_nino_poe8m2:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:time_boot_mini_rsc-mt4h_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:meikyo:time_boot_mini_rsc-mt4h:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:time_boot_rsc-mt8f_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:meikyo:time_boot_rsc-mt8f:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:time_boot_rsc-mt8fp_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:meikyo:time_boot_rsc-mt8fp:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:time_boot_mini_rsc-mt4hs_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.00a | 1.10a |
cpe:2.3:h:meikyo:time_boot_mini_rsc-mt4hs:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:time_boot_rsc-mt8fs_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.00a | 1.00e |
cpe:2.3:h:meikyo:time_boot_rsc-mt8fs:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:pose_se10-8a7b1_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.00a | 1.20a |
cpe:2.3:o:meikyo:pose_se10-8a7b1_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:meikyo:pose_se10-8a7b1:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- Access Vector
- NETWORK
- Access Complexity
- MEDIUM
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 6.8
- Severity
- MEDIUM
- Exploitability Score
- 8.6
- Impact Score
- 6.4
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Attack Vector
- NETWORK
- Attack Complexity
- LOW
- Privileges Required
- NONE
- User Interaction
- REQUIRED
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Integrity Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 8.8
- Base Severity
- HIGH
- Exploitability Score
- 2.8
- Impact Score
- 5.9
References
Reference URL | Reference Tags |
---|---|
https://www.meikyo.co.jp/vln/ | |
https://jvn.jp/en/jp/JVN58266015/index.html |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-27632 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27632 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-18 16:00:22 | Added to TrackCVE |