CVE-2022-1077

MEDIUM

TEM FLEX-1080 and FLEX-1085 1.6.0 - Unauthenticated Sensitive Information Exposure via Log Handler

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-1077. PoCs published by brosck.

AI-analyzed exploit summary This PoC exploits an authentication bypass vulnerability in TEM FLEX-1080 and FLEX-1085 1.6.0 by rebooting the device and extracting credentials from the log.cgi endpoint. It demonstrates an info_leak and auth_bypass attack.

Description

A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication.

Exploits (2)

nomisec WORKING POC 4 stars

by brosck · poc

https://github.com/brosck/CVE-2022-1077

View Code ZIP pw:eip

This PoC exploits an authentication bypass vulnerability in TEM FLEX-1080 and FLEX-1085 1.6.0 by rebooting the device and extracting credentials from the log.cgi endpoint. It demonstrates an info_leak and auth_bypass attack.

Classification

Working Poc 95%

Attack Type

Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: TEM FLEX-1080 and FLEX-1085 1.6.0

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1552 - Unsecured Credentials T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

inthewild WORKING POC

poc

https://github.com/mrempy/cve-2022-1077

View Code ZIP pw:eip

The repository contains a functional Python exploit for CVE-2022-1077, which targets TEM FLEX-1080 and FLEX-1085 devices running version 1.6.0. The exploit bypasses authentication by rebooting the device and then extracts credentials from the log.cgi endpoint.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: TEM FLEX-1080 and FLEX-1085 1.6.0

No auth needed

Prerequisites: network access to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://vuldb.com/?id.194848

Scores

CVSS v3 5.3

EPSS 0.0318

EPSS Percentile 87.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-200 CWE-425

Status published

Products (2)

tem/flex-1080_firmware 1.6.0

tem/flex-1085_firmware 1.6.0

Published Mar 29, 2022

Tracked Since Feb 18, 2026