CVE-2022-39030 HIGH

CVE-2022-39030: Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -2

Vendor Smart Evision Information Technology Inc.

Product Smart eVision

Weakness CWE-200 · Info exposure

Published September 28, 2022

Last update May 21, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

smart eVision has inadequate authorization for system information query function. An unauthenticated remote attacker, who is not explicitly authorized to access the information, can access sensitive information.

Key dates

02Disclosure timeline

September 28, 2022 CVE published

May 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-39030 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

Identifiers

CVE CVE-2022-39030

CWE CWE-200

CVSS 7.5 / HIGH

Affected versions