What is CVE-2022-1039?

CVE-2022-1039 is a vulnerability that allows an attacker to exploit weak passwords on the web user interface.

What can an attacker do once they obtain access through CVE-2022-1039?

Once access is obtained, the attacker can change other passwords.

Is SSH enabled by default on trusted interfaces?

Yes, SSH is enabled by default on trusted interfaces.

What is the severity of CVE-2022-1039?

CVE-2022-1039 has a severity rating of 9.8 (critical).

How can I fix CVE-2022-1039?

To fix CVE-2022-1039, ensure strong passwords are used on the web user interface and Linux accounts, and disable Telnet or change the default SSH settings.

Vulnerability/
CVE-2022-1039

critical

CWE

521

20/4/2022

16/9/2024

CVE-2022-1039: ICSA-22-104-03 Red Lion DA50N

First published: Wed Apr 20 2022(Updated: )

The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the SSH service does not support root login, a user logging in using either of the other Linux accounts may elevate to root access using the su command if they have access to the associated password.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Redlion Da50n Firmware
Redlion Da50n
Red Lion DA50N

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-22-104-03

Frequently Asked Questions

What is CVE-2022-1039?
CVE-2022-1039 is a vulnerability that allows an attacker to exploit weak passwords on the web user interface.
How can the weak password on the web user interface be exploited?
The weak password on the web user interface can be exploited via HTTP or HTTPS.
What can an attacker do once they obtain access through CVE-2022-1039?
Once access is obtained, the attacker can change other passwords.
How can the weak password on Linux accounts be accessed?
The weak password on Linux accounts can be accessed via SSH or Telnet.
Is SSH enabled by default on trusted interfaces?
Yes, SSH is enabled by default on trusted interfaces.
What is the severity of CVE-2022-1039?
CVE-2022-1039 has a severity rating of 9.8 (critical).
How can I fix CVE-2022-1039?
To fix CVE-2022-1039, ensure strong passwords are used on the web user interface and Linux accounts, and disable Telnet or change the default SSH settings.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/weakness
agent/title
agent/description
agent/first-publish-date
agent/severity
agent/references
agent/softwarecombine
agent/tags
agent/event
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
vendor/redlion
canonical/redlion da50n firmware
canonical/redlion da50n
vendor/red lion
canonical/red lion da50n

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.