CVE-2022-35911
HIGHPatlite NH-FB and NHL-FB Firmware < 1.46 - Denial of Service via Missing Query String
Title source: llmDescription
On Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string. NOTE: the vendor's perspective is that "omitting the query string does not cause a denial of service and the indicated event can not be reproduced.
References (3)
Core 3
Core References
Product, Vendor Advisory x_refsource_misc
https://www.patlite.co.jp/product/detail0000021462.html
Product, Vendor Advisory x_refsource_misc
https://www.patlite.com/network-products/lineup/nh-fb.html
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/167797/Patlite-1.46-Buffer-Overflow.html
Scores
CVSS v3
7.5
EPSS
0.0196
EPSS Percentile
77.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
Status
published
Products (2)
patlite/nhl-fb2_firmware
< 1.46
patlite/nhp-fb2_firmware
< 1.46
Published
Jul 27, 2022
Tracked Since
Feb 18, 2026