CVE-2022-27632

HIGH

Meikyo Rebooter, PoE Rebooter, Scheduler, and Contact Converter - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operations by having a user to view a specially crafted page.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.meikyo.co.jp/vln/
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN58266015/index.html

Scores

CVSS v3 8.8
EPSS 0.0049
EPSS Percentile 38.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (16)
meikyo/poe_boot_nino_poe8m2_firmware 1.00a - 1.20a
meikyo/pose_se10-8a7b1_firmware
meikyo/pose_se10-8a7b1_firmware 1.00a - 1.20a
meikyo/signage_rebooter_rpc-m4hsi_firmware 1.00a
meikyo/time_boot_mini_rsc-mt4h_firmware
meikyo/time_boot_mini_rsc-mt4hs_firmware 1.00a - 1.10a
meikyo/time_boot_rsc-mt8f_firmware
meikyo/time_boot_rsc-mt8fp_firmware
meikyo/time_boot_rsc-mt8fs_firmware 1.00a - 1.00e
meikyo/watch_boot_l-zero_rpc-m4l_firmware
... and 6 more
Published May 18, 2022
Tracked Since Feb 18, 2026