Goldshell ASIC Miners v2.2.1 and below was discovered to contain a path traversal vulnerability which allows unauthenticated attackers to retrieve arbitrary files from the device.
References
Link | Resource |
---|---|
https://github.com/goldshellminer/firmware | Third Party Advisory |
https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/ | Exploit Mitigation Third Party Advisory |
Configurations
History
27 Jul 2022, 22:04
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/ - Exploit, Mitigation, Third Party Advisory | |
References | (MISC) https://github.com/goldshellminer/firmware - Third Party Advisory | |
CWE | CWE-22 | |
CPE | cpe:2.3:o:goldshell:goldshell_miner_firmware:*:*:*:*:*:*:*:* |
20 Jul 2022, 13:40
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-20 13:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-24659
Mitre link : CVE-2022-24659
CVE.ORG link : CVE-2022-24659
JSON object : View
Products Affected
goldshell
- goldshell_miner_firmware
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')