Search criteria
2 vulnerabilities found for Home AP NIS-HAP11AC by Neo Information Systems Co., Ltd
CVE-2022-23768 (GCVE-0-2022-23768)
Vulnerability from cvelistv5 – Published: 2022-09-19 19:48 – Updated: 2025-06-03 18:20
VLAI?
Title
Neo Information Sys. NIS-HAP11AC remote access and manipulation vulnerability
Summary
This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device.
Severity ?
8.8 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Neo Information Systems Co., Ltd | Home AP NIS-HAP11AC |
Affected:
V3.0-B20201117095902
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66928"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-29T18:33:04.372892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T18:20:38.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows, Android and etc."
],
"product": "Home AP NIS-HAP11AC",
"vendor": "Neo Information Systems Co., Ltd",
"versions": [
{
"status": "affected",
"version": "V3.0-B20201117095902"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-19T19:48:56.000Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66928"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Neo Information Sys. NIS-HAP11AC remote access and manipulation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2022-23768",
"STATE": "PUBLIC",
"TITLE": "Neo Information Sys. NIS-HAP11AC remote access and manipulation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Home AP NIS-HAP11AC",
"version": {
"version_data": [
{
"platform": "Windows, Android and etc.",
"version_affected": "=",
"version_value": "V3.0-B20201117095902"
}
]
}
}
]
},
"vendor_name": "Neo Information Systems Co., Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66928",
"refsource": "MISC",
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66928"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2022-23768",
"datePublished": "2022-09-19T19:48:57.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-06-03T18:20:38.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23768 (GCVE-0-2022-23768)
Vulnerability from nvd – Published: 2022-09-19 19:48 – Updated: 2025-06-03 18:20
VLAI?
Title
Neo Information Sys. NIS-HAP11AC remote access and manipulation vulnerability
Summary
This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device.
Severity ?
8.8 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Neo Information Systems Co., Ltd | Home AP NIS-HAP11AC |
Affected:
V3.0-B20201117095902
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66928"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-29T18:33:04.372892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T18:20:38.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows, Android and etc."
],
"product": "Home AP NIS-HAP11AC",
"vendor": "Neo Information Systems Co., Ltd",
"versions": [
{
"status": "affected",
"version": "V3.0-B20201117095902"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-19T19:48:56.000Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66928"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Neo Information Sys. NIS-HAP11AC remote access and manipulation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2022-23768",
"STATE": "PUBLIC",
"TITLE": "Neo Information Sys. NIS-HAP11AC remote access and manipulation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Home AP NIS-HAP11AC",
"version": {
"version_data": [
{
"platform": "Windows, Android and etc.",
"version_affected": "=",
"version_value": "V3.0-B20201117095902"
}
]
}
}
]
},
"vendor_name": "Neo Information Systems Co., Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66928",
"refsource": "MISC",
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66928"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2022-23768",
"datePublished": "2022-09-19T19:48:57.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-06-03T18:20:38.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}