MidnightBSD

Advisories for chcnav

CVE-2022-30622

Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sys_username_passwd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within the JS code sent to the customer within the Login.js file is a strong user (which is not documented) and also the password, which allow for super-user access. Username: chcadmin, Password: chcpassword.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 1.8 3.4
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
chcnav p5e_gnss_firmware *
chcnav p5e_gnss_firmware 4.2
CVE-2022-30623

The server checks the user's cookie in a non-standard way, and a value is entered in the cookie value name of the status and its value is set to true to bypass the identification with the system using a username and password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cna@cyber.gov.il 5.9 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 2.5 3.4

Products Affected

Vendor Product Version
chcnav p5e_gnss_firmware 4.1
chcnav p5e_gnss_firmware 4.2
CVE-2022-30624

Browsing the admin.html page allows the user to reset the admin password. Also appears in the JS code for the password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L 2.5 3.7
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
chcnav p5e_gnss_firmware 4.1
chcnav p5e_gnss_firmware 4.2
CVE-2022-30625

Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 5.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L 1.5 3.7
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
chcnav p5e_gnss_firmware 4.1
chcnav p5e_gnss_firmware 4.2
CVE-2022-30626

Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the name of the existing access point on the component, and a password in clear text.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 6.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 2.0 3.7
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
chcnav p5e_gnss_firmware 4.1
chcnav p5e_gnss_firmware 4.2
CVE-2022-30627

This vulnerability affects all of the company's products that also include the FW versions: update_i90_cv2.021_b20210104, update_i50_v1.0.55_b20200509, update_x6_v2.1.2_b202001127, update_b5_v2.0.9_b20200706. This vulnerability makes it possible to extract from the FW the existing user passwords on their operating systems and passwords.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 5.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L 1.5 3.7
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
chcnav p5e_gnss_firmware 4.1
chcnav p5e_gnss_firmware 4.2
chcnav p5e_gnss_firmware update_x6_v2.1.2_b202001127
chcnav p5e_gnss_firmware update_i50_v1.0.55_b20200509
chcnav p5e_gnss_firmware update_b5_v2.0.9_b20200706
chcnav p5e_gnss_firmware update_i90_cv2.021_b20210104