CVE-2022-40903

Published Nov 14, 2022

Last updated 2 years ago

CVSS medium 6.5

Overview

Description: Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against repeated failed access attempts, which allows an attacker to gain administrative privileges.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:aiphone:gt-dmb-n:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0AB295CF-BCDE-4AD7-9B9A-405A80DDF2BE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:aiphone:gt-dmb-n_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6D30440-5146-487B-9E8B-C7158C77A08D",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:aiphone:gt-dmb:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DE4BFBE3-975D-4604-BD00-D979179919BC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:aiphone:gt-dmb_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D496A08F-D301-45C4-8D7E-EA56BCCBFBBE",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:aiphone:gt-dmb-lvn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DE20C953-30DB-4A6D-8926-2A4958CBB753"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:aiphone:gt-dmb-lvn_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "891D2AC0-53E7-4ABE-B9FC-9CE4CD05C249",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:aiphone:gt-db-vn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "652A6388-F059-4A14-8D7E-EC59892EAD48"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:aiphone:gt-db-vn_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "226D2E6E-FF2B-4EE5-A416-B2FD1795DC0E",
            "versionEndExcluding": "2.00"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References