CVE-2022-28717
CVSS V2 Low 3.5
CVSS V3 Medium 4.8
Description
Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker with the administrative privilege to inject an arbitrary script via unspecified vectors.
Overview
- CVE ID
- CVE-2022-28717
- Assigner
- vultures@jpcert.or.jp
- Vulnerability Status
- Analyzed
- Published Version
- 2022-05-18T15:15:10
- Last Modified Date
- 2022-06-02T15:07:52
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
AND | ||||
cpe:2.3:o:meikyo:watch_boot_nino_rpc-m2c_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:meikyo:watch_boot_nino_rpc-m2c:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:watch_boot_light_rpc-m5c_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:meikyo:watch_boot_light_rpc-m5c:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:watch_boot_l-zero_rpc-m4l_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:meikyo:watch_boot_l-zero_rpc-m4l:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:watch_boot_mini_rpc-m4h_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:meikyo:watch_boot_mini_rpc-m4h:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:watch_boot_nino_rpc-m2cs_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.00a | 1.00d |
cpe:2.3:h:meikyo:watch_boot_nino_rpc-m2cs:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:watch_boot_light_rpc-m5cs_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.00a | 1.00d |
cpe:2.3:h:meikyo:watch_boot_light_rpc-m5cs:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:watch_boot_l-zero_rpc-m4ls_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.00a | 1.20a |
cpe:2.3:h:meikyo:watch_boot_l-zero_rpc-m4ls:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:signage_rebooter_rpc-m4hsi_firmware:1.00a:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:meikyo:signage_rebooter_rpc-m4hsi:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:poe_boot_nino_poe8m2_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.00a | 1.20a |
cpe:2.3:h:meikyo:poe_boot_nino_poe8m2:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:time_boot_mini_rsc-mt4h_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:meikyo:time_boot_mini_rsc-mt4h:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:time_boot_rsc-mt8f_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:meikyo:time_boot_rsc-mt8f:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:time_boot_rsc-mt8fp_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:meikyo:time_boot_rsc-mt8fp:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:time_boot_mini_rsc-mt4hs_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.00a | 1.10a |
cpe:2.3:h:meikyo:time_boot_mini_rsc-mt4hs:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:time_boot_rsc-mt8fs_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.00a | 1.00e |
cpe:2.3:h:meikyo:time_boot_rsc-mt8fs:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:meikyo:pose_se10-8a7b1_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.00a | 1.20a |
cpe:2.3:o:meikyo:pose_se10-8a7b1_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:meikyo:pose_se10-8a7b1:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:M/Au:S/C:N/I:P/A:N
- Access Vector
- NETWORK
- Access Compatibility
- MEDIUM
- Authentication
- SINGLE
- Confidentiality Impact
- NONE
- Integrity Impact
- PARTIAL
- Availability Impact
- NONE
- Base Score
- 3.5
- Severity
- LOW
- Exploitability Score
- 6.8
- Impact Score
- 2.9
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- HIGH
- User Interaction
- REQUIRED
- Scope
- CHANGED
- Confidentiality Impact
- LOW
- Availability Impact
- NONE
- Base Score
- 4.8
- Base Severity
- MEDIUM
- Exploitability Score
- 1.7
- Impact Score
- 2.7
References
Reference URL | Reference Tags |
---|---|
https://www.meikyo.co.jp/vln/ | |
https://jvn.jp/en/jp/JVN58266015/index.html |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-28717 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28717 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-18 16:00:22 | Added to TrackCVE |