CVE-2022-3203 CRITICAL

CVE-2022-3203: ORing net IAP-420(+) Hidden Functionality

Vendor Oring
Product IAP-420(+)
Weakness CWE-912
Published October 21, 2022
Last update May 7, 2025

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot.

Key dates

02Disclosure timeline

October 21, 2022 CVE published
May 7, 2025 Record updated