How severe is CVE-2022-28743?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.6 out of 10.

What type of vulnerability is CVE-2022-28743?

This is classified as CWE-367, which is a common weakness in software security.

CVE-2022-28743 - MEDIUM Severity | CVSS 6.6

Vulnerability Description

Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Foscam R2C IP camera running System FW <= 1.13.1.6, and Application FW <= 2.91.2.66, allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of this vulnerability is that the remote attacker could gain full remote access to the IP camera and the underlying Linux system with root permissions. With root access to the camera's Linux OS, an attacker could effectively change the code that is running, add backdoor access, or invade the privacy of the user by accessing the live camera stream.

Related Vulnerabilities

CVE-2020-25860

MEDIUM

CVSS:6.6(Medium)

The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the fil...

CWE-3672020

CVE-2021-3054

MEDIUM

CVSS:6.6(Medium)

A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute ...

CWE-3672021

CVE-2021-33097

MEDIUM

CVSS:6.6(Medium)

Time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via network access.

CWE-3672021

CVE-2024-39821

MEDIUM

CVSS:6.6(Medium)

Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to conduct a denial of service via local access.

CWE-3672024

CVE-2019-7307

MEDIUM

CVSS:6.5(Medium)

Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.x...

CWE-3672019

CVE-2024-2913

MEDIUM

CVSS:6.5(Medium)

A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple...

CWE-3672024