CVE-2026-22312

HIGH EPSS 13.9%

Published Jun 16, 20261w ago · Modified Jun 17, 20261w ago

8.6 CVSS 3.1

High

Published Jun 16, 2026 1w ago

Last Modified Jun 17, 2026 1w ago

Description

The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot).

CVSS Details

Base Score

8.6

Exploitability

3.9

Impact

4.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity High

Availability Low

Threat Intelligence

EPSS Exploit Probability

13.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-798 Use of Hard-coded Credentials Authentication

References 1

cvcn.gov.it https://www.cvcn.gov.it/cvcn/cve/CVE-2026-22312

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.