Known Vulnerabilities
CVE-2022-45140
The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.
CRITICAL
CVSS 9.8
Published Feb 27, 2023
CVE-2022-22511
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.
MEDIUM
CVSS 5.4
Published Mar 09, 2022