qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/Crestron-Hd-Md4X2-Credentia...

63 lines
4.0 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "Crestron Hd-Md4X2 Credential Disclosure (CVE-2022-23178)",
"Description": "<p>restron Hd-Md4X2-4K-E is a simple-to-use UHD signal switcher with four HDMI inputs and two HDMI outputs from Crestron, USA.</p><p>Crestron Hd-Md4X2-4K-E has an information disclosure vulnerability, attackers can obtain WEB user login credentials and further control the system.</p>",
"Product": "Crestron Hd-Md4X2",
"Homepage": "https://de.crestron.com",
"DisclosureDate": "2022-01-14",
"Author": "1291904552@qq.com",
"FofaQuery": "body=\"js/top.js\" && body=\"document.onmousedown = ReCalculate;\"",
"GobyQuery": "body=\"js/top.js\" && body=\"document.onmousedown = ReCalculate;\"",
"Level": "2",
"Impact": "<p>Crestron Hd-Md4X2-4K-E has an information disclosure vulnerability, attackers can obtain WEB user login credentials and further control the system.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://de.crestron.com/Products/Video/HDMI-Solutions/HDMI-Switchers/HD-MD4X2-4K-E\">https://de.crestron.com/Products/Video/HDMI-Solutions/HDMI-Switchers/HD-MD4X2-4K-E</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Crestron 公司 Hd-Md4X2 信号切换器信息泄露漏洞CVE-2022-23178",
"VulType": ["信息泄露"],
"Tags": ["信息泄露"],
"Description": "<p>Crestron Hd-Md4X2-4K-E是美国Crestron公司的一个简单的使用有四个 Hdmi 输入和两个 Hdmi 输出超高清信号切换器。</p><p>Crestron Hd-Md4X2-4K-E 存在信息泄露漏洞攻击者可获取WEB用户登录凭据进一步控制系统。</p>",
"Impact": "<p>Crestron Hd-Md4X2-4K-E 存在信息泄露漏洞攻击者可获取WEB用户登录凭据进一步控制系统。</p>",
"Product": "Crestron Hd-Md4X2",
"Recommendation": "<p>⼚商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://de.crestron.com/Products/Video/HDMI-Solutions/HDMI-Switchers/HD-MD4X2-4K-E\">https://de.crestron.com/Products/Video/HDMI-Solutions/HDMI-Switchers/HD-MD4X2-4K-E</a></p><p>1、通过防⽕墙等安全设备设置访问策略设置⽩名单访问。</p><p>2、如⾮必要禁⽌公⽹访问该系统。</p>"
},
"EN": {
"Name": "Crestron Hd-Md4X2 Credential Disclosure (CVE-2022-23178)",
"VulType": ["infoleak"],
"Tags": ["infoleak"],
"Description": "<p>restron Hd-Md4X2-4K-E is a simple-to-use UHD signal switcher with four HDMI inputs and two HDMI outputs from Crestron, USA.</p><p>Crestron Hd-Md4X2-4K-E has an information disclosure vulnerability, attackers can obtain WEB user login credentials and further control the system.</p>",
"Impact": "<p>Crestron Hd-Md4X2-4K-E has an information disclosure vulnerability, attackers can obtain WEB user login credentials and further control the system.</p>",
"Product": "Crestron Hd-Md4X2",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://de.crestron.com/Products/Video/HDMI-Solutions/HDMI-Switchers/HD-MD4X2-4K-E\">https://de.crestron.com/Products/Video/HDMI-Solutions/HDMI-Switchers/HD-MD4X2-4K-E</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202201-1005"
],
"HasExp": true,
"ExpParams": null,
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"infoleak"
],
"VulType": [
"infoleak"
],
"CVEIDs": [
"CVE-2022-23178"
],
"CVSSScore": "7.0",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"CNNVD": [
"CNNVD-202201-1005"
],
"CNVD": [
""
]
}
Reference in New Issue View Git Blame Copy Permalink