CVE-2022-43442

MEDIUM

+F FS040U <v2.3.4 - Info Disclosure

Title source: llm

Description

Plaintext storage of a password vulnerability exists in +F FS040U software versions v2.3.4 and earlier, which may allow an attacker to obtain the login password of +F FS040U and log in to the management console.

References (5)

[Third Party Advisory] https://jvn.jp/en/jp/JVN74285622/index.html

[Vendor Advisory] https://www.fsi.co.jp/mobile/plusF/news/22102801.html

[Not Applicable, Vendor Advisory] https://www.fsi.co.jp/mobile/plusF/news/22102802.html

[Not Applicable, Vendor Advisory] https://www.fsi.co.jp/mobile/plusF/news/22102803.html

[Not Applicable, Vendor Advisory] https://www.fsi.co.jp/mobile/plusF/news/22102804.html

Scores

CVSS v3 4.6

EPSS 0.0009

EPSS Percentile 26.3%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

fsi/fs040u_firmware < 2.3.4

Timeline

Published Dec 05, 2022

Tracked Since Feb 18, 2026