CVE-2022-27632

Published on: Not Yet Published

Last Modified on: 06/02/2022 03:07:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of Poe Boot Nino Poe8m2 from Meikyo contain the following vulnerability:

Cross-site request forgery (CSRF) vulnerability in Rebooter (WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter (PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler (TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter (POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operations by having a user view a specially crafted page.

  • CVE-2022-27632 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
  • Affected Vendor/Software: MEIKYO ELECTRIC CO.,LTD. - Rebooter, PoE Rebooter, Scheduler, and Contact Converter version Rebooter (WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter (PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler (TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter (POSE SE10-8A7B1 firmware version 1.00A to 1.20A)

CVSS3 Score: 8.8 - HIGH

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2 Score: 6.8 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

CVE References

  • Description: No Description Provided (www.meikyo.co.jp, text/html); Tags: MISC; Link: www.meikyo.co.jp/vln/
  • Description: JVN#58266015: Multiple vulnerabilities in multiple MEIKYO ELECTRIC products (jvn.jp, text/xml); Tags: MISC; Link: jvn.jp/en/jp/JVN58266015/index.html

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Hardware Device Info | Meikyo | Poe Boot Nino Poe8m2 | - | All | All | All
Operating System | Meikyo | Poe Boot Nino Poe8m2 Firmware | All | All | All | All
Hardware Device Info | Meikyo | Pose Se10-8a7b1 | - | All | All | All
Operating System | Meikyo | Pose Se10-8a7b1 Firmware | - | All | All | All
Operating System | Meikyo | Pose Se10-8a7b1 Firmware | All | All | All | All
Hardware Device Info | Meikyo | Signage Rebooter Rpc-m4hsi | - | All | All | All
Operating System | Meikyo | Signage Rebooter Rpc-m4hsi Firmware | 1.00a | All | All | All
Hardware Device Info | Meikyo | Time Boot Mini Rsc-mt4h | - | All | All | All
Hardware Device Info | Meikyo | Time Boot Mini Rsc-mt4hs | - | All | All | All
Operating System | Meikyo | Time Boot Mini Rsc-mt4hs Firmware | All | All | All | All
Operating System | Meikyo | Time Boot Mini Rsc-mt4h Firmware | - | All | All | All
Hardware Device Info | Meikyo | Time Boot Rsc-mt8f | - | All | All | All
Hardware Device Info | Meikyo | Time Boot Rsc-mt8fp | - | All | All | All
Operating System | Meikyo | Time Boot Rsc-mt8fp Firmware | - | All | All | All
Hardware Device Info | Meikyo | Time Boot Rsc-mt8fs | - | All | All | All
Operating System | Meikyo | Time Boot Rsc-mt8fs Firmware | All | All | All | All
Operating System | Meikyo | Time Boot Rsc-mt8f Firmware | - | All | All | All
Hardware Device Info | Meikyo | Watch Boot L-zero Rpc-m4l | - | All | All | All
Hardware Device Info | Meikyo | Watch Boot L-zero Rpc-m4ls | - | All | All | All
Operating System | Meikyo | Watch Boot L-zero Rpc-m4ls Firmware | All | All | All | All
Operating System | Meikyo | Watch Boot L-zero Rpc-m4l Firmware | - | All | All | All
Hardware Device Info | Meikyo | Watch Boot Light Rpc-m5c | - | All | All | All
Hardware Device Info | Meikyo | Watch Boot Light Rpc-m5cs | - | All | All | All
Operating System | Meikyo | Watch Boot Light Rpc-m5cs Firmware | All | All | All | All
Operating System | Meikyo | Watch Boot Light Rpc-m5c Firmware | - | All | All | All
Hardware Device Info | Meikyo | Watch Boot Mini Rpc-m4h | - | All | All | All
Operating System | Meikyo | Watch Boot Mini Rpc-m4h Firmware | - | All | All | All
Hardware Device Info | Meikyo | Watch Boot Nino Rpc-m2c | - | All | All | All
Hardware Device Info | Meikyo | Watch Boot Nino Rpc-m2cs | - | All | All | All
Operating System | Meikyo | Watch Boot Nino Rpc-m2cs Firmware | All | All | All | All
Operating System | Meikyo | Watch Boot Nino Rpc-m2c Firmware | - | All | All | All

  • cpe:2.3:h:meikyo:poe_boot_nino_poe8m2:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:meikyo:poe_boot_nino_poe8m2_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:meikyo:pose_se10-8a7b1:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:meikyo:pose_se10-8a7b1_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:meikyo:pose_se10-8a7b1_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:meikyo:signage_rebooter_rpc-m4hsi:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:meikyo:signage_rebooter_rpc-m4hsi_firmware:1.00a:*:*:*:*:*:*:*:
  • cpe:2.3:h:meikyo:time_boot_mini_rsc-mt4h:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:meikyo:time_boot_mini_rsc-mt4hs:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:meikyo:time_boot_mini_rsc-mt4hs_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:meikyo:time_boot_mini_rsc-mt4h_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:meikyo:time_boot_rsc-mt8f:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:meikyo:time_boot_rsc-mt8fp:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:meikyo:time_boot_rsc-mt8fp_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:meikyo:time_boot_rsc-mt8fs:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:meikyo:time_boot_rsc-mt8fs_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:meikyo:time_boot_rsc-mt8f_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:meikyo:watch_boot_l-zero_rpc-m4l:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:meikyo:watch_boot_l-zero_rpc-m4ls:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:meikyo:watch_boot_l-zero_rpc-m4ls_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:meikyo:watch_boot_l-zero_rpc-m4l_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:meikyo:watch_boot_light_rpc-m5c:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:meikyo:watch_boot_light_rpc-m5cs:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:meikyo:watch_boot_light_rpc-m5cs_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:meikyo:watch_boot_light_rpc-m5c_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:meikyo:watch_boot_mini_rpc-m4h:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:meikyo:watch_boot_mini_rpc-m4h_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:meikyo:watch_boot_nino_rpc-m2c:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:meikyo:watch_boot_nino_rpc-m2cs:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:meikyo:watch_boot_nino_rpc-m2cs_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:meikyo:watch_boot_nino_rpc-m2c_firmware:-:*:*:*:*:*:*:*:

Social Mentions

Source | Title | Posted (UTC)
Twitter @CVEreport | CVE-2022-27632 : Cross-site request forgery CSRF vulnerability in Rebooter WATCH BOOT nino RPC-M2C [End of Sale]… twitter.com/i/web/status/1… | 2022-05-18 14:11:35
Reddit /r/netcve | CVE-2022-27632 | 2022-05-18 14:39:09