CVE-2022-42785
CRITICAL
W&T ComServer Series Firmware < 1.48/1.76 - Unauthenticated Authentication Bypass via Modified HTTP GET Request
Title source: llm
Description
Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unauthenticated remote attacker can log in without knowledge of the password by crafting a modified HTTP GET request.
References (1)
Core References
Third Party Advisory
https://cert.vde.com/de/advisories/VDE-2022-043/
Scores
CVSS v3
9.8
EPSS
0.0100
EPSS Percentile
58.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-306
Status
published
Products (17)
wut/at-modem-emulator_firmware
< 1.48
wut/com-server_20ma_firmware
< 1.48
wut/com-server_\+\+_firmware
< 1.48
wut/com-server_highspeed_100basefx_firmware
< 1.76
wut/com-server_highspeed_100baselx_firmware
< 1.76
wut/com-server_highspeed_19\"_1port_firmware
< 1.76
wut/com-server_highspeed_19\"_4port_firmware
< 1.76
wut/com-server_highspeed_compact_firmware
< 1.76
wut/com-server_highspeed_industry_firmware
< 1.76
wut/com-server_highspeed_isolated_firmware
< 1.76
... and 7 more
Published
Nov 15, 2022
Tracked Since
Feb 18, 2026