A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects all Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included).
References
Link | Resource |
---|---|
https://www.solar-log.com/en/support/firmware-database-1 | Vendor Advisory |
https://www.swascan.com/security-advisory-solar-log/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
History
06 Feb 2023, 17:05
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:solar-log:solar-log_300:-:*:*:*:*:*:*:* cpe:2.3:h:solar-log:solar-log_500:-:*:*:*:*:*:*:* cpe:2.3:o:solar-log:solar-log_800e_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:solar-log:solar-log_800e:-:*:*:*:*:*:*:* cpe:2.3:h:solar-log:solar-log_1000:-:*:*:*:*:*:*:* cpe:2.3:h:solar-log:solar-log_50:-:*:*:*:*:*:*:* cpe:2.3:o:solar-log:solar-log_1000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:solar-log:solar-log_50_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:solar-log:solar-log_300_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:solar-log:solar-log_2000_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:solar-log:solar-log_250:-:*:*:*:*:*:*:* cpe:2.3:o:solar-log:solar-log_1200_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:solar-log:solar-log_1000_pm\+_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:solar-log:solar-log_1200:-:*:*:*:*:*:*:* cpe:2.3:h:solar-log:solar-log_1000_pm\+:-:*:*:*:*:*:*:* cpe:2.3:o:solar-log:solar-log_250_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:solar-log:solar-log_500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:solar-log:solar-log_2000:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | NVD-CWE-noinfo | |
First Time |
Solar-log solar-log 1200
Solar-log solar-log 500 Firmware Solar-log solar-log 300 Solar-log solar-log 500 Solar-log solar-log 1200 Firmware Solar-log solar-log 250 Firmware Solar-log solar-log 800e Firmware Solar-log solar-log 300 Firmware Solar-log solar-log 2000 Solar-log solar-log 1000 Pm\+ Solar-log solar-log 50 Firmware Solar-log solar-log 1000 Solar-log solar-log 1000 Pm\+ Firmware Solar-log Solar-log solar-log 1000 Firmware Solar-log solar-log 2000 Firmware Solar-log solar-log 250 Solar-log solar-log 50 Solar-log solar-log 800e |
|
References | (MISC) https://www.solar-log.com/en/support/firmware-database-1 - Vendor Advisory | |
References | (MISC) https://www.swascan.com/security-advisory-solar-log/ - Exploit, Third Party Advisory |
26 Jan 2023, 21:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-26 21:18
Updated : 2023-12-10 14:48
NVD link : CVE-2022-47767
Mitre link : CVE-2022-47767
CVE.ORG link : CVE-2022-47767
JSON object : View
Products Affected
solar-log
- solar-log_250
- solar-log_2000
- solar-log_50
- solar-log_1200_firmware
- solar-log_2000_firmware
- solar-log_800e
- solar-log_1000_pm\+_firmware
- solar-log_800e_firmware
- solar-log_1000
- solar-log_1000_pm\+
- solar-log_500_firmware
- solar-log_50_firmware
- solar-log_1000_firmware
- solar-log_1200
- solar-log_300
- solar-log_500
- solar-log_300_firmware
- solar-log_250_firmware
CWE