CVE-2022-41436: n/a in n/a

Critical
Published: Fri Oct 14 2022 (10/14/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html.

AI-Powered Analysis

Last updated: 07/06/2025, 14:56:50 UTC

Technical Analysis

CVE-2022-41436 is a critical vulnerability affecting the OXHOO TP50 OXH1.50 device. It allows unauthenticated attackers to reach the device's administrative panel simply by navigating to a specific URL (http://device_ip/index1.html). The vulnerability is classified under CWE-287, which covers improper authentication. The CVSS v3.1 base score of 9.1 indicates a high-severity issue with a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The vulnerability significantly impacts confidentiality and integrity (C:H/I:H/A:N), because unauthorized access to the administrative interface can lead to full control over the device's configuration and potentially to exposure of sensitive data. No patches or vendor mitigations have been published yet, and no known exploits are currently reported in the wild. Because the administrative panel lacks authentication, any attacker with network access to the device can exploit the vulnerability remotely without credentials or user interaction, which makes it highly exploitable wherever the device is exposed externally or reachable internally. The device type is not explicitly stated, but given the naming convention it is likely an IoT or network device, a class of device that often plays a critical role in enterprise or industrial environments.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for those deploying OXHOO TP50 OXH1.50 devices in their networks. Unauthorized access to the administrative panel could allow attackers to alter device configurations, disable security controls, or use the device as a foothold for lateral movement within the network. This can lead to data breaches, service disruptions, or further compromise of connected systems. Critical infrastructure sectors such as manufacturing, energy, or telecommunications that rely on such devices could face operational disruptions or espionage risks. Additionally, the vulnerability's ease of exploitation without authentication increases the likelihood of opportunistic attacks, particularly in environments where devices are exposed to untrusted networks or insufficiently segmented internal networks. The absence of patches means organizations must rely on compensating controls until a fix is available, increasing the window of exposure.

Mitigation Recommendations

Immediate mitigation should focus on network-level controls to restrict access to the affected devices. Organizations should implement strict network segmentation to isolate OXHOO TP50 OXH1.50 devices from untrusted networks and limit administrative access to trusted management networks only. Deploying firewall rules or access control lists (ACLs) to block HTTP access to the administrative panel URL (index1.html) from unauthorized sources is critical. Monitoring network traffic for unusual access attempts to the device's administrative interface can help detect exploitation attempts. If possible, disable the web-based administrative interface until a patch is available or replace the device with a more secure alternative. Organizations should also conduct an inventory to identify all deployed OXHOO TP50 OXH1.50 devices and assess their exposure. Vendor engagement is recommended to obtain patches or firmware updates. Additionally, applying multi-factor authentication (MFA) on administrative interfaces, if supported, can reduce risk once patches are available.
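The monitoring recommendation above can be sketched as a small log check. This is an added example, not part of the original advisory or any vendor tooling; the management subnet, the device addresses and the log layout are assumptions, and the sample records are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumptions (not from the advisory): management subnet, inventoried device
# addresses, and a sensor log layout of: <src> <dst> "<METHOD> <target> ..." <status>
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")
DEVICES = {ipaddress.ip_address("10.50.1.15"), ipaddress.ip_address("10.50.1.16")}
ADMIN_PATH = "/index1.html"  # path named in the CVE description

LINE_RE = re.compile(
    r'^(?P<src>\S+) (?P<dst>\S+) "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})$'
)

def normalize(target):
    """Reduce a request target to a comparable path.

    Drops query/fragment, percent-decodes, collapses repeated slashes and
    lowercases. This deliberately over-matches so spelling variants still alert.
    """
    path = target.split("?", 1)[0].split("#", 1)[0]
    path = re.sub(r"/+", "/", unquote(path))
    return path.lower()

def flag_admin_access(lines):
    """Return (src, dst, status) for admin-panel requests from outside MGMT_NET."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed record
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # not an IP literal
        if dst in DEVICES and src not in MGMT_NET and normalize(m["target"]) == ADMIN_PATH:
            hits.append((str(src), str(dst), int(m["status"])))
    return hits

# Constructed sample records, not real traffic.
SAMPLE = [
    '10.20.0.7 10.50.1.15 "GET /index1.html HTTP/1.1" 200',        # management host
    '10.30.4.22 10.50.1.15 "GET /index1.html HTTP/1.1" 200',       # outside mgmt net
    '10.30.4.22 10.50.1.16 "GET //INDEX1.html?x=1 HTTP/1.1" 200',  # variant spelling
    '10.30.4.22 10.50.1.15 "GET /index.html HTTP/1.1" 200',        # different page
    '10.30.4.22 10.99.0.1 "GET /index1.html HTTP/1.1" 404',        # not inventoried
]

if __name__ == "__main__":
    for hit in flag_admin_access(SAMPLE):
        print("ALERT admin panel access from non-management source:", hit)
```

A 200 status on a flagged record means the panel was actually served to a non-management source, so those hits deserve priority over blocked or failed requests.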

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2022-09-26T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fb1484d88663aec9a5

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 2:56:50 PM

Last updated: 8/13/2025, 12:43:27 AM
