CVE-2022-2591

HIGH

TEM FLEX-1085 1.6.0 - Denial of Service via /sistema/flash/reboot

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-2591. PoCs published by Mr Empy.

AI-analyzed exploit summary This exploit targets a Denial of Service (DoS) vulnerability in FLEX 1080 Web 1.6.0 by repeatedly sending reboot requests to the target device. It checks for a 'Rebooting' response to confirm vulnerability.

Description

A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

exploitdb WORKING POC

by Mr Empy · pythondosandroid

https://www.exploit-db.com/exploits/51438

View Code ZIP pw:eip

This exploit targets a Denial of Service (DoS) vulnerability in FLEX 1080 Web 1.6.0 by repeatedly sending reboot requests to the target device. It checks for a 'Rebooting' response to confirm vulnerability.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: FLEX 1080 Web 1.6.0

No auth needed

Prerequisites: Network access to the target device · Target device must be running vulnerable FLEX 1080 Web 1.6.0

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/172323/FLEX-Denial-Of-Service.html

Exploit, Third Party Advisory

https://vuldb.com/?id.205344

Scores

CVSS v3 7.5

EPSS 0.0641

EPSS Percentile 92.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-404

Status published

Products (1)

tem/flex-1085_firmware 1.6.0

Published Aug 01, 2022

Tracked Since Feb 18, 2026