CVE Catalog

CVE-2026-22312

HighCVSS 8.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration, and execute some commands (e.g. system reboot).

Risk Assessment

An attacker can gain unauthorized access to critical system settings, potentially leading to serious disruptions in device operation and data loss.

Recommendation

It is recommended to implement stronger authentication for the API and to monitor system access to detect unauthorized attempts.

Original NVD description (English source)

The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS