Arbitrary File Write and Information Disclosure Vulnerability in CMS8000 Wi-Fi Access Point Configuration

Arbitrary File Write and Information Disclosure Vulnerability in CMS8000 Wi-Fi Access Point Configuration

CVE-2022-3027 · MEDIUM Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information.

Learn more about our Cms Pen Testing.