CVE-2022-45227: n/a in n/a
The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication.
AI Analysis
Technical Summary
CVE-2022-45227 is a high-severity vulnerability affecting the web portal of the Dragino LoRa LG01 IoT gateway device, specifically version 4.3.4. The vulnerability arises from an improperly configured web server directory at the URL path /lib/ that allows directory listing without any authentication. This misconfiguration exposes backup files stored within this directory, which can be freely downloaded by an unauthenticated attacker. The exposed backup files may contain sensitive configuration data, credentials, or other critical information that could be leveraged to compromise the device or the network it is connected to. The vulnerability is classified under CWE-552 (Files or Directories Accessible to External Parties), indicating that sensitive files are accessible due to improper access control. The CVSS 3.1 base score of 7.5 reflects a high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), high impact on confidentiality (C:H), and no impact on integrity or availability (I:N/A:N). This means an attacker can remotely access sensitive information without any authentication or user interaction, potentially leading to significant confidentiality breaches. Although no known exploits are currently reported in the wild, the ease of exploitation and the nature of the exposed data make this vulnerability a critical concern for organizations deploying Dragino LG01 IoT gateways, especially in environments where sensitive data confidentiality is paramount.
Potential Impact
For European organizations, the exposure of backup files from Dragino LG01 IoT gateways can lead to significant confidentiality breaches. These devices are often used in IoT deployments for smart city infrastructure, industrial monitoring, and agricultural applications. Compromise of such devices could allow attackers to harvest sensitive configuration data, including network credentials or cryptographic keys, which could be used to pivot into internal networks or disrupt IoT operations. The confidentiality impact is high, potentially exposing private data or enabling further attacks. While integrity and availability are not directly impacted by this vulnerability, the information disclosure could facilitate subsequent attacks that affect these properties. Given the increasing reliance on IoT devices in critical infrastructure across Europe, exploitation of this vulnerability could undermine operational security and privacy compliance obligations under regulations such as GDPR. Additionally, unauthorized access to backup files might reveal network topology or device management details, increasing the attack surface for threat actors targeting European enterprises and public sector entities.
Mitigation Recommendations
To mitigate CVE-2022-45227, organizations should immediately audit their Dragino LG01 IoT gateways for exposed directories allowing unauthenticated access. Specifically, administrators must disable directory listing on the web server hosting the device portal, ensuring that the /lib/ directory and any other sensitive paths are not accessible without proper authentication. If backup files are stored on the device, they should be relocated to secure storage with strict access controls or encrypted to prevent unauthorized disclosure. Firmware updates or patches from the vendor should be applied as soon as they become available, even though no official patch link is currently provided. Network segmentation should be enforced to isolate IoT devices from critical infrastructure and sensitive data networks, limiting the potential impact of any compromise. Additionally, monitoring and logging access to IoT device web portals should be implemented to detect unusual or unauthorized access attempts. Organizations should also consider deploying web application firewalls (WAFs) or reverse proxies that can block directory listing and unauthorized file downloads. Finally, conducting regular security assessments of IoT devices and their configurations will help identify and remediate similar misconfigurations proactively.
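One way to implement the access monitoring recommended above, as an added example that is not part of the original advisory or any vendor tooling: a Python filter over web-server access logs that flags requests under /lib/ that were served without an authenticated user. It assumes the portal, or a reverse proxy in front of it, writes Common Log Format with the authenticated user in the third field; the backup suffixes, file name and sample log lines are constructed.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Common Log Format: host ident authuser [time] "METHOD path proto" status size
CLF = re.compile(r'(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                 r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
WATCHED_PREFIX = "/lib/"  # directory named in the advisory
BACKUP_SUFFIXES = (".tar.gz", ".tgz", ".tar", ".zip", ".bak")  # assumed suffixes

def normalise(raw_path):
    """Drop the query string, decode, and resolve ../ and // so aliases match."""
    path = re.sub(r"/+", "/", unquote(raw_path.split("?", 1)[0]))
    norm = posixpath.normpath(path)
    return norm + "/" if path.endswith("/") and norm != "/" else norm

def flag_unauthenticated_lib_access(lines):
    """Map client IP -> listing hits and backup downloads served with no user."""
    findings = defaultdict(lambda: {"listings": 0, "backup_downloads": []})
    for line in lines:
        m = CLF.match(line)
        if not m or m["user"] != "-" or m["status"] not in ("200", "206"):
            continue  # malformed, authenticated, or not actually served
        path = normalise(m["path"])
        if not path.startswith(WATCHED_PREFIX):
            continue
        if path.endswith("/"):
            findings[m["host"]]["listings"] += 1
        elif path.lower().endswith(BACKUP_SUFFIXES):
            findings[m["host"]]["backup_downloads"].append(path)
    return dict(findings)

# Constructed sample log lines (documentation IP ranges, made-up file name).
SAMPLE_LOG = [
    '192.0.2.15 - - [12/Nov/2022:10:01:02 +0000] "GET /lib/ HTTP/1.1" 200 1843',
    '192.0.2.15 - - [12/Nov/2022:10:01:09 +0000] "GET /lib/example-backup.tar.gz HTTP/1.1" 200 48211',
    '198.51.100.7 - admin [12/Nov/2022:10:05:00 +0000] "GET /lib/ HTTP/1.1" 200 1843',
    '198.51.100.9 - - [12/Nov/2022:10:06:00 +0000] "GET /lib/ HTTP/1.1" 403 162',
    '203.0.113.4 - - [12/Nov/2022:10:07:00 +0000] "GET /static/../lib//example-backup.tar.gz HTTP/1.1" 200 48211',
    '203.0.113.4 - - [12/Nov/2022:10:07:30 +0000] "GET /index.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, hit in flag_unauthenticated_lib_access(SAMPLE_LOG).items():
        print(ip, hit)
```

A 403 on /lib/ after the fix produces no finding, so the same filter doubles as a regression check once directory listing has been disabled.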
Affected Countries
Germany, France, Italy, Spain, Netherlands, Belgium, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-11-14T00:00:00.000Z
- Cisa Enriched: true
Threat ID: 682d9847c4522896dcbf5baf
Added to database: 5/21/2025, 9:09:27 AM
Last enriched: 6/21/2025, 5:36:37 PM
Last updated: 8/12/2025, 4:06:05 PM