CVE-2022-30622
MEDIUMCHCNAV P5E GNSS Firmware - Unauthenticated Hard-coded Credential Exposure via Login.js
Title source: llmDescription
Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sys_username_passwd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within the JS code sent to the customer within the Login.js file is a strong user (which is not documented) and also the password, which allow for super-user access. Username: chcadmin, Password: chcpassword.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.gov.il/en/Departments/faq/cve_advisories
Scores
CVSS v3
5.3
EPSS
0.0017
EPSS Percentile
6.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Details
CWE
CWE-798
Status
published
Products (2)
chcnav/p5e_gnss_firmware
4.2
chcnav/p5e_gnss_firmware
< 4.1
Published
Jul 17, 2022
Tracked Since
Feb 18, 2026