Vulnerabilities > Chcnav
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-18 | CVE-2022-30623 | Improper Authentication vulnerability in Chcnav P5E Gnss Firmware 4.1/4.2 The server checks the user's cookie in a non-standard way, and a value is entered in the cookie value name of the status and its value is set to true to bypass the identification with the system using a username and password. | 9.8 |
| 2022-07-18 | CVE-2022-30624 | Improper Authentication vulnerability in Chcnav P5E Gnss Firmware 4.1/4.2 Browsing the admin.html page allows the user to reset the admin password. | 7.5 |
| 2022-07-18 | CVE-2022-30625 | Information Exposure vulnerability in Chcnav P5E Gnss Firmware 4.1/4.2 Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. | 5.3 |
| 2022-07-18 | CVE-2022-30626 | Cleartext Storage of Sensitive Information vulnerability in Chcnav P5E Gnss Firmware 4.1/4.2 Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the name of the existing access point on the component, and a password in clear text. | 7.5 |
| 2022-07-18 | CVE-2022-30627 | Use of Hard-coded Credentials vulnerability in Chcnav P5E Gnss Firmware This vulnerability affects all of the company's products that also include the FW versions: update_i90_cv2.021_b20210104, update_i50_v1.0.55_b20200509, update_x6_v2.1.2_b202001127, update_b5_v2.0.9_b20200706. | 7.5 |
| 2022-07-17 | CVE-2022-30622 | Use of Hard-coded Credentials vulnerability in Chcnav P5E Gnss Firmware 4.1/4.2 Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. | 7.3 |