CVE-2022-45914: n/a in n/a
The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing.
AI Analysis
Technical Summary
CVE-2022-45914 identifies a vulnerability in the Electronic Shelf Label (ESL) protocol as implemented by certain hardware, exemplified by the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board. The core issue is the lack of authentication in the ESL protocol communications over the 433 MHz radio frequency band. This absence of authentication allows an attacker within radio range to inject unauthorized RF signals that can alter the displayed label values on ESL devices. Practical demonstrations have shown that attackers can disrupt critical organizational functions, such as altering inventory labels in hospital storage units, potentially leading to mismanagement of medical supplies, or manipulating retail pricing information, which can cause financial losses or customer confusion. The vulnerability is classified under CWE-294 (Improper Authentication), indicating that the protocol does not verify the legitimacy of commands before applying changes. The CVSS v3.1 base score is 6.5 (medium severity), with an attack vector of adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), high integrity impact (I:H), and no availability impact (A:N). No patches or vendor mitigations are currently documented, and no known exploits are reported in the wild as of the publication date. This vulnerability primarily affects environments where ESL devices using this protocol are deployed, which includes retail and healthcare sectors relying on wireless shelf labeling systems for operational efficiency and accuracy.
Potential Impact
For European organizations, the impact of this vulnerability can be significant, especially in sectors such as healthcare and retail where ESL systems are increasingly adopted for inventory and pricing management. In hospitals, unauthorized changes to storage unit labels could lead to misplacement or misidentification of critical medical supplies or pharmaceuticals, potentially endangering patient safety and complicating logistics. In retail, attackers could manipulate pricing information, leading to financial losses, customer trust erosion, and regulatory compliance issues. The integrity of displayed information is compromised, which can disrupt operational workflows and decision-making processes. Although confidentiality and availability are not directly impacted, the high integrity impact means that organizations could face operational disruptions and reputational damage. Additionally, since the attack requires proximity to the affected devices (due to the 433 MHz RF communication), organizations with ESL deployments in accessible or public areas are at higher risk. The lack of authentication also means that the attack can be conducted without any credentials or user interaction, increasing the threat surface. European organizations relying on ESL technology without additional security controls are therefore vulnerable to targeted or opportunistic attacks that exploit this protocol weakness.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should implement a multi-layered approach beyond generic advice. First, they should conduct a thorough inventory of ESL devices and identify those using the vulnerable protocol or hardware, such as the OV80e934802 transceiver on ETAG-2130-V4.3 boards. Where possible, replace or upgrade ESL hardware and firmware to versions that support authenticated communication or encrypted RF transmissions. If vendor patches or updates become available, prioritize their deployment. In the absence of vendor fixes, organizations should consider deploying physical RF shielding or signal jamming techniques to limit unauthorized RF injection within sensitive areas, especially in hospitals and retail environments. Network segmentation and monitoring should be enhanced to detect anomalies in ESL system behavior, such as unexpected label changes or RF signal patterns. Additionally, organizations can implement procedural controls, such as manual verification of critical label information and staff training to recognize and report suspicious label discrepancies. For new ESL deployments, prioritize solutions that incorporate secure communication protocols with authentication and encryption. Finally, collaborate with vendors and industry groups to advocate for improved ESL security standards and share threat intelligence related to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Switzerland
CVE-2022-45914: n/a in n/a
Description
The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing.
AI-Powered Analysis
Technical Analysis
CVE-2022-45914 identifies a vulnerability in the Electronic Shelf Label (ESL) protocol as implemented by certain hardware, exemplified by the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board. The core issue is the lack of authentication in the ESL protocol communications over the 433 MHz radio frequency band. This absence of authentication allows an attacker within radio range to inject unauthorized RF signals that can alter the displayed label values on ESL devices. Practical demonstrations have shown that attackers can disrupt critical organizational functions, such as altering inventory labels in hospital storage units, potentially leading to mismanagement of medical supplies, or manipulating retail pricing information, which can cause financial losses or customer confusion. The vulnerability is classified under CWE-294 (Improper Authentication), indicating that the protocol does not verify the legitimacy of commands before applying changes. The CVSS v3.1 base score is 6.5 (medium severity), with an attack vector of adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), high integrity impact (I:H), and no availability impact (A:N). No patches or vendor mitigations are currently documented, and no known exploits are reported in the wild as of the publication date. This vulnerability primarily affects environments where ESL devices using this protocol are deployed, which includes retail and healthcare sectors relying on wireless shelf labeling systems for operational efficiency and accuracy.
Potential Impact
For European organizations, the impact of this vulnerability can be significant, especially in sectors such as healthcare and retail where ESL systems are increasingly adopted for inventory and pricing management. In hospitals, unauthorized changes to storage unit labels could lead to misplacement or misidentification of critical medical supplies or pharmaceuticals, potentially endangering patient safety and complicating logistics. In retail, attackers could manipulate pricing information, leading to financial losses, customer trust erosion, and regulatory compliance issues. The integrity of displayed information is compromised, which can disrupt operational workflows and decision-making processes. Although confidentiality and availability are not directly impacted, the high integrity impact means that organizations could face operational disruptions and reputational damage. Additionally, since the attack requires proximity to the affected devices (due to the 433 MHz RF communication), organizations with ESL deployments in accessible or public areas are at higher risk. The lack of authentication also means that the attack can be conducted without any credentials or user interaction, increasing the threat surface. European organizations relying on ESL technology without additional security controls are therefore vulnerable to targeted or opportunistic attacks that exploit this protocol weakness.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should implement a multi-layered approach beyond generic advice. First, they should conduct a thorough inventory of ESL devices and identify those using the vulnerable protocol or hardware, such as the OV80e934802 transceiver on ETAG-2130-V4.3 boards. Where possible, replace or upgrade ESL hardware and firmware to versions that support authenticated communication or encrypted RF transmissions. If vendor patches or updates become available, prioritize their deployment. In the absence of vendor fixes, organizations should consider deploying physical RF shielding or signal jamming techniques to limit unauthorized RF injection within sensitive areas, especially in hospitals and retail environments. Network segmentation and monitoring should be enhanced to detect anomalies in ESL system behavior, such as unexpected label changes or RF signal patterns. Additionally, organizations can implement procedural controls, such as manual verification of critical label information and staff training to recognize and report suspicious label discrepancies. For new ESL deployments, prioritize solutions that incorporate secure communication protocols with authentication and encryption. Finally, collaborate with vendors and industry groups to advocate for improved ESL security standards and share threat intelligence related to this vulnerability.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2022-11-27T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d983dc4522896dcbeefae
Added to database: 5/21/2025, 9:09:17 AM
Last enriched: 6/24/2025, 11:34:50 PM
Last updated: 8/1/2025, 12:14:00 AM
Views: 12
Related Threats
CVE-2025-9006: Buffer Overflow in Tenda CH22
HighCVE-2025-9005: Information Exposure Through Error Message in mtons mblog
MediumCVE-2025-9004: Improper Restriction of Excessive Authentication Attempts in mtons mblog
MediumCVE-2025-9003: Cross Site Scripting in D-Link DIR-818LW
MediumCVE-2025-55726
UnknownActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.