MidnightBSD

Advisories for proscend

CVE-2022-36779

PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 2.3 3.7
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
proscend m350-w6_firmware *
proscend m301-g_firmware *
proscend m301-gw_firmware *
proscend m330-w5_firmware *
proscend m350-5g_firmware *
advice icr_111wg_firmware *
proscend m350-w5g_firmware *
proscend m330-w_firmware *
proscend m350-6_firmware *
CVE-2023-3703

Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
proscend m560-5g_firmware 1.76
proscend a552i-f1_firmware 1.76
proscend m330-w5_firmware 1.76
proscend m350-5g_firmware 1.76
proscend m357-5g_firmware 1.76
proscend a510-f1_firmware 1.76
proscend m330-w_firmware 1.76
proscend a520i-f1_firmware 1.76
proscend a551i-f4_firmware 1.76
proscend m350-w6_firmware 1.76
proscend m301-gw_firmware 1.76
proscend m360-p_firmware 1.76
proscend m357-ai_firmware 1.76
proscend a510-l1_firmware 1.76
proscend m301-g_firmware 1.76
proscend m350-w5g_firmware 1.76
proscend a543i-l1_firmware 1.76
proscend m350-6_firmware 1.76
proscend a551i-f1_firmware 1.76
proscend m331_firmware 1.76