CVE-2022-44354

CRITICAL EXPLOITED

SolarView Compact <5.0 - Unrestricted File Upload

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2022-44354 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit.

AI-analyzed exploit summary This repository contains detailed technical writeups for multiple vulnerabilities, including IDOR, improper access control, CSRF, and XSS, affecting various products such as Elenos ETG150 FM transmitter and Clavister firewalls. The writeups include proof-of-concept steps, screenshots, and technical explanations of the vulnerabilities.

Description

SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.

Exploits (1)

vulncheck_xdb WRITEUP
remote
https://github.com/strik3r0x1/Vulns

This repository contains detailed technical writeups for multiple vulnerabilities, including IDOR, improper access control, CSRF, and XSS, affecting various products such as Elenos ETG150 FM transmitter and Clavister firewalls. The writeups include proof-of-concept steps, screenshots, and technical explanations of the vulnerabilities.

Classification
Writeup 95%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Elenos ETG150 FM transmitter 3.12, Clavister E80/E10, SolarView Compact, WAVLINK devices, ZTC GK420d, Student Attendance System
Auth required
Prerequisites: access to vulnerable endpoints · authenticated user session
devstral-2 · analyzed Feb 25, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0213
EPSS Percentile 79.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2023-07-05
CWE
CWE-434
Status published
Products (2)
contec/solarview_compact_firmware 4.0
contec/solarview_compact_firmware 5.0
Published Nov 29, 2022
Tracked Since Feb 18, 2026