Skip to main content

CVE-2022-36159: n/a in n/a

High
VulnerabilityCVE-2022-36159cvecve-2022-36159
Published: Mon Sep 26 2022 (09/26/2022, 10:07:27 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port then sniff the traffic or inject any malware.

AI-Powered Analysis

AILast updated: 07/07/2025, 13:55:09 UTC

Technical Analysis

CVE-2022-36159 is a high-severity vulnerability affecting Contec FXA3200 devices running firmware version 1.13 and earlier. The core issue is the presence of a hard-coded root password hash stored in the /etc/shadow file. This password is weak enough to be cracked within minutes by an attacker using standard password cracking techniques. Once the attacker obtains the root credentials, they can access the Wireless LAN Manager interface of the device. This access allows the attacker to open the telnet port, which is typically disabled or restricted, thereby enabling remote command execution capabilities. With telnet access, the attacker can sniff network traffic passing through the device or inject malware, potentially compromising the confidentiality, integrity, and availability of the network and connected systems. The vulnerability does not require prior authentication or user interaction, and the attack vector is remote but requires network access to the device. The CVSS v3.1 score of 8.8 reflects the high impact on confidentiality, integrity, and availability, combined with low attack complexity and no privileges or user interaction required. The vulnerability is categorized under CWE-798 (Use of Hard-coded Credentials), a well-known security weakness that often leads to full system compromise. No patches or fixes are currently linked, and no known exploits in the wild have been reported as of the publication date. However, the ease of exploitation and potential impact make this a critical issue for organizations using the affected devices.

Potential Impact

For European organizations, the impact of this vulnerability can be significant, especially for those relying on Contec FXA3200 devices in their wireless network infrastructure. Successful exploitation can lead to unauthorized access to network management interfaces, enabling attackers to intercept sensitive communications, manipulate network traffic, or deploy malware that could spread laterally within the corporate network. This could result in data breaches, disruption of business operations, and compromise of critical systems. Given the device’s role in managing wireless LANs, sectors such as manufacturing, healthcare, and critical infrastructure that depend on reliable wireless connectivity are particularly at risk. Additionally, the ability to open telnet access remotely increases the attack surface and persistence capabilities of adversaries. The lack of patches means organizations must rely on mitigating controls to reduce exposure. The vulnerability also poses risks to compliance with European data protection regulations (e.g., GDPR) due to potential unauthorized data access and leakage.

Mitigation Recommendations

Organizations should immediately inventory their network to identify any Contec FXA3200 devices running firmware version 1.13 or earlier. Until a vendor patch is available, the following specific mitigations are recommended: 1) Restrict network access to the affected devices by implementing strict firewall rules and network segmentation to limit management interface exposure only to trusted administrators. 2) Disable telnet services if possible or block telnet ports at network boundaries to prevent unauthorized remote access. 3) Replace or reconfigure devices to remove or change hard-coded credentials if vendor guidance or firmware updates become available. 4) Monitor network traffic for unusual activity, such as unexpected telnet connections or anomalous wireless LAN manager interface access. 5) Employ strong network authentication and encryption mechanisms to protect wireless communications. 6) Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect exploitation attempts targeting this vulnerability. 7) Engage with the vendor for updates or patches and apply them promptly once released. 8) Educate network administrators about the risks of hard-coded credentials and enforce strict credential management policies.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2022-07-18T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682e1679c4522896dcc697b3

Added to database: 5/21/2025, 6:07:53 PM

Last enriched: 7/7/2025, 1:55:09 PM

Last updated: 8/15/2025, 11:01:54 PM

Views: 17

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats