CVE-2022-35911

EUVD-2022-38783
On Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string. NOTE: the vendor's perspective is that "omitting the query string does not cause a denial of service and the indicated event can not be reproduced.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
patlitenhp-fb2_firmware
𝑥
≤ 1.46
patlitenhl-fb2_firmware
𝑥
≤ 1.46
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://packetstormsecurity.com/files/167797/Patlite-1.46-Buffer-Overflow.html
https://www.patlite.co.jp/product/detail0000021462.html
https://www.patlite.com/network-products/lineup/nh-fb.html
https://packetstormsecurity.com/files/167797/Patlite-1.46-Buffer-Overflow.html
https://www.patlite.co.jp/product/detail0000021462.html
https://www.patlite.com/network-products/lineup/nh-fb.html