CVE-2022-46305 MEDIUM

CVE-2022-46305: ChangingTec ServiSign - Path Traversal

Weakness CWE-22 · Path traversal

Published January 3, 2023

Last update April 10, 2025

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.

Key dates

02Disclosure timeline

January 3, 2023 CVE published

April 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-46305 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/22.html

Related vulnerabilities

04Related CVE

CVE-2025-6799 Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability CVE-2023-32167 D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion Vulnerability CVE-2026-35397 jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix CVE-2024-31849 CVE-2026-53519 Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key