CVE-2022-28223

CRITICAL

Tekon KIO Firmware < 2022-03-30 - Authenticated Privilege Escalation via Malicious Lua Plugin Upload

Title source: llm
STIX 2.1

Description

Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin.

References (1)

Core 1

Scores

CVSS v3 9.1
EPSS 0.0104
EPSS Percentile 59.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (8)
tekon/kio-1m_firmware < 2022-03-30
tekon/kio-2m_firmware < 2022-03-30
tekon/kio-2md_firmware < 2022-03-30
tekon/kio-2mrs_firmware < 2022-03-30
tekon/kio-2ms_firmware < 2022-03-30
tekon/kio-8\(4\)_firmware < 2022-03-30
tekon/kio-8\(4\)l_firmware < 2022-03-30
tekon/kio_firmware < 2022-03-30
Published Mar 30, 2022
Tracked Since Feb 18, 2026