CVE-2022-28605

Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:linkplay:sound_bar:1.0:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

History

30 Jun 2022, 13:15

Type Values Removed Values Added
Summary LinkPlay Sound Bar v1.0 allows attackers to escalate privileges via a hardcoded password for the SSL certificate. Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory

13 Jun 2022, 16:36

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
References (MISC) https://gist.github.com/zachi40/1f8d174939684c07f5e32ee039ce9acf - (MISC) https://gist.github.com/zachi40/1f8d174939684c07f5e32ee039ce9acf - Third Party Advisory
CWE CWE-798
First Time Linkplay sound Bar
Apple iphone Os
Google android
Google
Linkplay
Apple
CPE cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:a:linkplay:sound_bar:1.0:*:*:*:*:*:*:*

02 Jun 2022, 14:53

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-02 14:15

Updated : 2022-06-30 13:15


NVD link : CVE-2022-28605

Mitre link : CVE-2022-28605


JSON object : View

Products Affected

google

  • android

linkplay

  • sound_bar

apple

  • iphone_os
CWE
CWE-798

Use of Hard-coded Credentials