CVE-2022-38453

MEDIUM Year: 2022
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-489
View all →

Vulnerability Description

Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debug_info' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities.

Related Vulnerabilities

CVE-2022-30543

MEDIUM
CVSS:4.3(Medium)

A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged...

CWE-4892022

CVE-2024-29075

MEDIUM
CVSS:4.6(Medium)

Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain or alte...

CWE-4892024

CVE-2022-29481

MEDIUM
CVSS:4.9(Medium)

A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security feat...

CWE-4892022

CVE-2023-21496

MEDIUM
CVSS:5.5(Medium)

Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level.

CWE-4892023

CVE-2022-46156

LOW
CVSS:3.3(Low)

The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monito...

CWE-4892022

CVE-2021-1381

MEDIUM
CVSS:6.1(Medium)

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console...

CWE-4892021