CVE-2022-30622 MEDIUM

CVE-2022-30622: Chcnav - P5E GNSS Information disclosure

Vendor Chcnav
Product Chcnav - P5E GNSS
Published July 17, 2022
Last update September 17, 2024

CVSS base score

5.3/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sys_username_passwd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within the JS code sent to the customer within the Login.js file is a strong user (which is not documented) and also the password, which allow for super-user access. Username: chcadmin, Password: chcpassword.

Key dates

02Disclosure timeline

July 17, 2022 CVE published
September 17, 2024 Record updated