CVE-2022-36158

CVE Database · CVE-2022-36158

CVE-2022-36158

· HIGHModified

CVSS v3.1

8.0

EPSS

1.43%

Published

Sep 26, 2022

Modified

May 21, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi).

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-425CWE-425

Affected Products (8)

contec · fxa3000_firmwarevulnerable

contec · fxa3000

contec · fxa3020_firmwarevulnerable

contec · fxa3020

contec · fxa3200_firmwarevulnerable

contec · fxa3200

contec · fxa2000_firmware (up to 1.39.00)vulnerable

contec · fxa2000

References (8)

https://gist.github.com/Nwqda/aac33d1936d2b514a3268f145345abb4

Broken LinkThird Party Advisory

https://jvn.jp/en/vu/JVNVU98305100/

PatchThird Party Advisory

https://samy.link/blog/contec-flexlan-fxa2000-and-fxa3000-series-vulnerability-repo

ExploitMitigationThird Party Advisory

https://www.contec.com/products-services/computer-networking/flexlan-fx/fx-accesspoint/fxa3200/feature/#section

Product

https://gist.github.com/Nwqda/aac33d1936d2b514a3268f145345abb4

Broken LinkThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs