CVE-2022-34496
CRITICALHiby R3 Pro Firmware < 1.7 - Unrestricted File Upload
Title source: ruleDescription
Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/feric/Findings/tree/main/Hiby/Web%20Server/File%20uploading
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/vext01/hiby-issues/issues/52
Scores
CVSS v3
9.8
EPSS
0.0036
EPSS Percentile
58.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (2)
hiby/hiby_r3_pro_firmware
1.5 - 1.7
hiby/hiby_r3_pro_saber_firmware
1.5 - 1.7
Published
Jul 29, 2022
Tracked Since
Feb 18, 2026