CVE-2026-22312
HighCVSS 8.6Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration, and execute some commands (e.g. system reboot).
Risk Assessment
An attacker can gain unauthorized access to critical system settings, potentially leading to serious disruptions in device operation and data loss.
Recommendation
It is recommended to implement stronger authentication for the API and to monitor system access to detect unauthorized attempts.
Original NVD description (English source)
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot).

