CVE-2022-35122 : An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B

An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated attackers to access sensitive information including device and local WiFi passwords.

Published 2022-08-17 21:15:09

Updated 2022-08-19 01:22:46

Source MITRE

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2022-35122

Ecowitt » Gw1100 Firmware
Versions up to, including, (<=) 2.1.5
cpe:2.3:o:ecowitt:gw1100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Ecowitt » Gw1100 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-35122

EPSS FAQ

0.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 50 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-35122

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H	3.9	5.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: High

CWE ids for CVE-2022-35122

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-35122

https://www.pizzapower.me/2022/06/30/the-incredibly-insecure-weather-station/

The Incredibly Insecure Weather Station | Pizza-Powered Hacking 🍕
Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-35122

Products affected by CVE-2022-35122

Exploit prediction scoring system (EPSS) score for CVE-2022-35122

CVSS scores for CVE-2022-35122

CWE ids for CVE-2022-35122

References for CVE-2022-35122