CVE-2022-37122

HIGH NUCLEI

Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Unauthenticated Arbitrary File Disclosure via Logdownload.cgi File Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-37122. PoCs published by bughuntar. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a Bash-based scanner for detecting CVE-2022-37122, a path traversal vulnerability in Carel pCOWeb's logdownload.cgi. The scanner uses a safe default payload (/etc/hostname) and includes features like multi-threading, CSV reporting, and response sampling.

Description

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

Exploits (1)

nomisec SCANNER 10 stars
by bughuntar · poc
https://github.com/bughuntar/CVE-2022-37122-Exploit

This repository contains a Bash-based scanner for detecting CVE-2022-37122, a path traversal vulnerability in Carel pCOWeb's logdownload.cgi. The scanner uses a safe default payload (/etc/hostname) and includes features like multi-threading, CSV reporting, and response sampling.

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Carel pCOWeb (logdownload.cgi)
No auth needed
Prerequisites: Access to the target web interface · Bash environment with curl
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Path Traversal
HIGHby gy741

References (3)

Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5709.php
Exploit, Third Party Advisory x_refsource_misc
https://www.zeroscience.mk/codes/carelpco_dir.txt
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/167684/

Scores

CVSS v3 7.5
EPSS 0.7093
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (4)
carel/applica 2.154a
carel/applica 16_13020200
carel/pcoweb_card_firmware a2.1.0 - b.2.1.0
carel/pcoweb_hvac_bacnet_gateway 2.1.0
Published Aug 31, 2022
Tracked Since Feb 18, 2026