CVE-2022-40266 MEDIUM

CVE-2022-40266: Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series

Vendor Mitsubishi Electric
Product GOT2000 Series GT27 model
Weakness CWE-20 · Input validation
Published November 24, 2022
Last update April 25, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior, and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending a specially crafted command.

Key dates

02 Disclosure timeline

November 24, 2022 CVE published
April 25, 2025 Record updated