CVE-2022-29730

USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:usr:usr-g808_firmware:1.0.36:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-g808:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:usr:usr-g807_firmware:1.0.36:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-g807:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:usr:usr-g806_firmware:1.0.36:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-g806:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:usr:usr-g800v2_firmware:1.0.36:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-g800v2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:usr:usr-lg220-l_firmware:1.2.7:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-lg220-l:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:59

Type Values Removed Values Added
References () https://www.pusr.com/ - Vendor Advisory () https://www.pusr.com/ - Vendor Advisory
References () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5705.php - Exploit, Third Party Advisory () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5705.php - Exploit, Third Party Advisory

10 Jun 2022, 14:15

Type Values Removed Values Added
References (MISC) https://www.pusr.com/ - (MISC) https://www.pusr.com/ - Vendor Advisory
References (MISC) https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5705.php - (MISC) https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5705.php - Exploit, Third Party Advisory
CWE CWE-798
CPE cpe:2.3:h:usr:usr-g806:-:*:*:*:*:*:*:*
cpe:2.3:o:usr:usr-g807_firmware:1.0.36:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-g807:-:*:*:*:*:*:*:*
cpe:2.3:o:usr:usr-g806_firmware:1.0.36:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-g808:-:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-g800v2:-:*:*:*:*:*:*:*
cpe:2.3:o:usr:usr-g800v2_firmware:1.0.36:*:*:*:*:*:*:*
cpe:2.3:o:usr:usr-lg220-l_firmware:1.2.7:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-lg220-l:-:*:*:*:*:*:*:*
cpe:2.3:o:usr:usr-g808_firmware:1.0.36:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 10.0
v3 : 9.8

02 Jun 2022, 14:53

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-02 14:15

Updated : 2024-11-21 06:59


NVD link : CVE-2022-29730

Mitre link : CVE-2022-29730

CVE.ORG link : CVE-2022-29730


JSON object : View

Products Affected

usr

  • usr-g808
  • usr-lg220-l
  • usr-lg220-l_firmware
  • usr-g800v2_firmware
  • usr-g806_firmware
  • usr-g800v2
  • usr-g807_firmware
  • usr-g808_firmware
  • usr-g806
  • usr-g807
CWE
CWE-798

Use of Hard-coded Credentials