CVE-2022-4780 MEDIUM

CVE-2022-4780: hard coded credentials in elvexys ISOS firmwares

Vendor Elvexys
Product ISOS
Published December 28, 2022
Last update April 10, 2025

CVSS base score

4.5/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.

Key dates

02Disclosure timeline

December 28, 2022 CVE published
April 10, 2025 Record updated