What is the severity of CVE-2022-36159?

CVE-2022-36159 is considered a high severity vulnerability due to the presence of a hard-coded and weak hashed root password that can be exploited easily.

How do I fix CVE-2022-36159?

To fix CVE-2022-36159, update the affected Contec FXA3200 firmware to a version higher than 1.13.

Which devices are affected by CVE-2022-36159?

CVE-2022-36159 affects the Contec FXA3200 firmware version 1.13 and below.

Can CVE-2022-36159 lead to unauthorized access?

Yes, CVE-2022-36159 allows unauthorized access to the Wireless LAN Manager interface through compromised credentials.

Is there a patch available for CVE-2022-36159?

Yes, a patch is available in the form of a firmware update for the affected Contec devices.

Vulnerability/
CVE-2022-36159

high

8.8

CWE

798

26/9/2022

3/8/2024

CVE-2022-36159

First published: Mon Sep 26 2022(Updated: )

Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port then sniff the traffic or inject any malware.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Contec Fxa3000 Firmware	<=1.13.00
Contec Fxa3000 Firmware
Contec Fxa3020	<=1.13.00
Contec Fxa3020 Firmware
Contec Fxa3200 Firmware	<=1.13.00
Contec Fxa3200 Firmware
Contec Fxa2000	<1.39.00
Contec Fxa2000 Firmware

Remedy

https://jvn.jp/en/vu/JVNVU98305100/

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-36159?
CVE-2022-36159 is considered a high severity vulnerability due to the presence of a hard-coded and weak hashed root password that can be exploited easily.
How do I fix CVE-2022-36159?
To fix CVE-2022-36159, update the affected Contec FXA3200 firmware to a version higher than 1.13.
Which devices are affected by CVE-2022-36159?
CVE-2022-36159 affects the Contec FXA3200 firmware version 1.13 and below.
Can CVE-2022-36159 lead to unauthorized access?
Yes, CVE-2022-36159 allows unauthorized access to the Wireless LAN Manager interface through compromised credentials.
Is there a patch available for CVE-2022-36159?
Yes, a patch is available in the form of a firmware update for the affected Contec devices.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/severity
agent/author
agent/weakness
agent/last-modified-date
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/contec
canonical/contec fxa3000 firmware
version/contec fxa3000 firmware/1.13.00
canonical/contec fxa3020
version/contec fxa3020/1.13.00
canonical/contec fxa3020 firmware
canonical/contec fxa3200 firmware
version/contec fxa3200 firmware/1.13.00
canonical/contec fxa2000
canonical/contec fxa2000 firmware

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.