CVE-2022-41333

HIGH

FortiRecorder < 6.0.11 - Unauthenticated Denial of Service via Crafted GET Requests

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-41333. PoCs published by Mohammed Adel, polar0x.

AI-analyzed exploit summary: This exploit targets a Denial of Service (DoS) vulnerability in FortiRecorder versions 6.4.3 and below, as well as 6.0.11 to 6.0.0. It sends a crafted payload via POST or GET requests to trigger the vulnerability, causing the service to deny access.

Description

An uncontrolled resource consumption vulnerability [CWE-400] in the login authentication mechanism of FortiRecorder version 6.4.3 and below, and 6.0.11 and below, may allow an unauthenticated attacker to make the device unavailable via crafted GET requests.

Exploits (2)

exploitdb WORKING POC
by Mohammed Adel · python, dos, hardware
https://www.exploit-db.com/exploits/51326

This exploit targets a Denial of Service (DoS) vulnerability in FortiRecorder versions 6.4.3 and below, as well as 6.0.11 to 6.0.0. It sends a crafted payload via POST or GET requests to trigger the vulnerability, causing the service to deny access.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: FortiRecorder 6.4.3 and below, 6.0.11 to 6.0.0
No auth needed
Prerequisites: Network access to the target FortiRecorder instance
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by polar0x · poc
https://github.com/polar0x/CVE-2022-41333

This repository contains a Python-based PoC for CVE-2022-41333, a vulnerability in Fortinet FortiRecorder. The exploit sends crafted payloads via GET or POST requests to trigger the vulnerability, with JavaScript functions for payload encryption/decryption.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Fortinet FortiRecorder
No auth needed
Prerequisites: Network access to the target FortiRecorder instance
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.5
EPSS 0.0723
EPSS Percentile 93.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-400
Status published
Products (1)
fortinet/fortirecorder_firmware 6.0.0 - 6.0.11
Published Mar 07, 2023
Tracked Since Feb 18, 2026