CVE-2022-28113

HIGH

FANTEC GmbH MWiD25-DS Firmware <2.000.030 - RCE

Title source: llm

Description

An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie.

Exploits (1)

nomisec WORKING POC 3 stars

by code-byter · poc

https://github.com/code-byter/CVE-2022-28113

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://drive.google.com/file/d/1OvpNieX3pYFaZprglr5T0lV0WuLoLcLu/view?usp=sharing

[Exploit, Third Party Advisory] https://drive.google.com/file/d/1s1AgI5Dw7_GNenmI-mw0Sx2B9MkNTbc7/view?usp=sharing

[Exploit, Third Party Advisory] https://github.com/code-byter/CVE-2022-28113

[Exploit, Third Party Advisory] https://code-byter.com/2022/04/06/fantec-wifi.html

Scores

CVSS v3 7.2

EPSS 0.0878

EPSS Percentile 92.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-565

Status published

Products (1)

fantec/mwid25-ds_firmware 2.000.030

Published Apr 15, 2022

Tracked Since Feb 18, 2026