CVE-2026-22312
HIGH
8.6
Source: a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: high
Availability: low
Description
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot).
CWE-798: Use of Hard-coded Credentials
Draft
Common Consequences
Security Scopes Affected:
Access Control
Integrity
Confidentiality
Availability
Other
Potential Impacts:
Bypass Protection Mechanism
Read Application Data
Gain Privileges Or Assume Identity
Execute Unauthorized Code Or Commands
Other
Applicable Platforms
Technologies:
Mobile, ICS/OT
https://www.cvcn.gov.it/cvcn/cve/CVE-2026-22312