Filtered by vendor Chcnav
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30622 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2022-07-28 | N/A | 7.3 HIGH |
| Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sys_username_passwd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within the JS code sent to the customer within the Login.js file is a strong user (which is not documented) and also the password, which allow for super-user access. Username: chcadmin, Password: chcpassword. | |||||
| CVE-2022-30627 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2022-07-23 | N/A | 7.5 HIGH |
| This vulnerability affects all of the company's products that also include the FW versions: update_i90_cv2.021_b20210104, update_i50_v1.0.55_b20200509, update_x6_v2.1.2_b202001127, update_b5_v2.0.9_b20200706. This vulnerability makes it possible to extract from the FW the existing user passwords on their operating systems and passwords. | |||||
| CVE-2022-30626 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2022-07-23 | N/A | 7.5 HIGH |
| Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the name of the existing access point on the component, and a password in clear text. | |||||
| CVE-2022-30624 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2022-07-23 | N/A | 7.5 HIGH |
| Browsing the admin.html page allows the user to reset the admin password. Also appears in the JS code for the password. | |||||