CWE-521

CVE-2022-1039: ICSA-22-104-03 Red Lion DA50N

First published: Wed Apr 20 2022

The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. Linux accounts with the weak password can be accessed via SSH or Telnet; SSH is enabled by default on trusted interfaces. While the SSH service does not support root login, a user who logs in with either of the other Linux accounts can elevate to root using the su command if they have access to the associated password.

Credit: ics-cert@hq.dhs.gov

Affected Software | Affected Version | How to fix
Redlion Da50n Firmware
Redlion Da50n
Red Lion DA50N


Frequently Asked Questions

  • What is CVE-2022-1039?

    CVE-2022-1039 is a vulnerability that allows an attacker to exploit weak passwords on the web user interface.

  • How can the weak password on the web user interface be exploited?

    The weak password on the web user interface can be exploited via HTTP or HTTPS.

  • What can an attacker do once they obtain access through CVE-2022-1039?

    Once access is obtained, the attacker can change other passwords.

  • How can the Linux accounts with the weak password be accessed?

    The Linux accounts with the weak password can be accessed via SSH or Telnet.

  • Is SSH enabled by default on trusted interfaces?

    Yes, SSH is enabled by default on trusted interfaces.

  • What is the severity of CVE-2022-1039?

    CVE-2022-1039 has a severity rating of 9.8 (critical).

  • How can I fix CVE-2022-1039?

    To fix CVE-2022-1039, ensure strong passwords are used on the web user interface and Linux accounts, and disable Telnet or change the default SSH settings.
