How severe is CVE-2022-33321?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2022-33321?

This is classified as CWE-319, which is a common weakness in software security.

CVE-2022-33321

CRITICAL Year: 2022

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-319

View all →

Vulnerability Description

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password). The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.

CVE-2016-5649

CRITICAL

CVSS:9.8(Critical)

A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access...

CWE-3192016

CVE-2017-15999

CRITICAL

CVSS:9.8(Critical)

In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an...

CWE-3192017

CVE-2018-11421

CRITICAL

CVSS:9.8(Critical)

Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All infor...

CWE-3192018

CVE-2018-11422

CRITICAL

CVSS:9.8(Critical)

Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All in...

CWE-3192018

CVE-2018-11749

CRITICAL

CVSS:9.8(Critical)

When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4...

CWE-3192018

CVE-2018-1297

CRITICAL

CVSS:9.8(Critical)

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

CWE-3192018

CVE-2022-33321

Vulnerability Description

Related Vulnerabilities

CVE-2016-5649

CVE-2017-15999

CVE-2018-11421

CVE-2018-11422

CVE-2018-11749

CVE-2018-1297