Vulnerabilities > CVE-2022-38789 - Authorization Bypass Through User-Controlled Key vulnerability in Airties products

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

airties

CWE-639

critical

NVD

Published: 2022-09-15

Updated: 2022-09-20

Summary

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference.

Vulnerable Configurations

Part	Description	Count
OS	Airties Airties AIR 4920 Firmware - Airties AIR 4921 Firmware - Airties AIR 4971 Firmware -	3
Hardware	Airties Airties AIR 4920 - Airties AIR 4921 - Airties AIR 4971 -	3

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://airties.com/airties-information-security-policy/
https://github.com/ProxyStaffy/Airties-CVE-2022-38789/blob/main/Description