CVE-2022-38399

Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product's specific serial connection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
planexcs-qr20_firmware
*
planexcs-qr10_firmware
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jvn.jp/en/vu/JVNVU90766406/index.html
https://www.planex.co.jp/products/cs-qr10/index.shtml
https://www.planex.co.jp/products/cs-qr20/index.shtml
https://jvn.jp/en/vu/JVNVU90766406/index.html
https://www.planex.co.jp/products/cs-qr10/index.shtml
https://www.planex.co.jp/products/cs-qr20/index.shtml