CVE-2022-46361 MEDIUM

CVE-2022-46361: Physical access to the WDM enables use of USB device to gain access to the WDM

Vendor Honeywell

Product OneWireless

Weakness CWE-77

Published May 30, 2023

Last update January 9, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Physical

Attack complexity High

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to 322.1 and fixed in version 322.2.

Key dates

02Disclosure timeline

May 30, 2023 CVE published

January 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-46361 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/77.html

Related vulnerabilities

CVE-2022-46361: Physical access to the WDM enables use of USB device to gain access to the WDM

01Description

02Disclosure timeline

03References

04Related CVE