Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-38870

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-25 Oct, 2022 | 00:00
Updated At-07 May, 2025 | 20:14
Rejected At-
Credits

Free5gc v3.2.1 is vulnerable to Information disclosure.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:25 Oct, 2022 | 00:00
Updated At:07 May, 2025 | 20:14
Rejected At:
▼CVE Numbering Authority (CNA)

Free5gc v3.2.1 is vulnerable to Information disclosure.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/free5gc/free5gc/issues/387
N/A
Hyperlink: https://github.com/free5gc/free5gc/issues/387
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/free5gc/free5gc/issues/387
x_transferred
Hyperlink: https://github.com/free5gc/free5gc/issues/387
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-306CWE-306 Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: CWE-306 Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:25 Oct, 2022 | 17:15
Updated At:07 May, 2025 | 21:15

Free5gc v3.2.1 is vulnerable to Information disclosure.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
free5gc
free5gc
>>free5gc>>3.2.1
cpe:2.3:a:free5gc:free5gc:3.2.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-306Primarynvd@nist.gov
CWE-306Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-306
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-306
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/free5gc/free5gc/issues/387cve@mitre.org
Exploit
Third Party Advisory
https://github.com/free5gc/free5gc/issues/387af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: https://github.com/free5gc/free5gc/issues/387
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/free5gc/free5gc/issues/387
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

258Records found
CVE-2025-67805
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 3.99%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 00:00
Updated-10 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Cloud. It was forcibly disabled again in version 2025_06_003.

Action-Not Available
Vendor-sagedpwn/a
Product-sage_dpwn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-3402
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 66.88%
||
7 Day CHG~0.00%
Published-02 Jul, 2020 | 04:20
Updated-15 Nov, 2024 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unified Customer Voice Portal Information Disclosure Vulnerability

A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sending a crafted request to the affected listener. A successful exploit could allow the attacker to access sensitive information on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_customer_voice_portalCisco Unified IP Interactive Voice Response (IVR)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-11579
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-51.35% / 97.93%
||
7 Day CHG~0.00%
Published-03 Sep, 2020 | 17:15
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.

Action-Not Available
Vendor-chadhaajayn/aThe PHP Group
Product-phpphpkbn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-10973
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-24.83% / 96.25%
||
7 Day CHG~0.00%
Published-07 May, 2020 | 17:50
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.

Action-Not Available
Vendor-n/aWAVLINK Technology Ltd.
Product-wn551k1wn531g3wn531g3_firmwarewn551k1_firmwarewn530hg4_firmwarewn530hg4wn533a8_firmwarewn533a8n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-21934
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 54.14%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 13:24
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where authentication to download the Syslog could be bypassed.

Action-Not Available
Vendor-n/aMotorola Mobility LLC. (Lenovo Group Limited)
Product-cx2_firmwarecx2n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2017-20213
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.21% / 43.67%
||
7 Day CHG~0.00%
Published-07 Jan, 2026 | 23:09
Updated-07 Apr, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FLIR Thermal Camera F/FC/PT/D Stream 8.0.0.64 Unauthenticated Stream Disclosure

FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication.

Action-Not Available
Vendor-FLIR Systems, Inc.
Product-FLIR Thermal Camera F/FC/PT/D Stream
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2017-20217
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.14% / 33.24%
||
7 Day CHG~0.00%
Published-15 Mar, 2026 | 18:34
Updated-16 Mar, 2026 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Serviio PRO 1.8 REST API Information Disclosure

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrieve potentially sensitive configuration data without authentication.

Action-Not Available
Vendor-Serviio
Product-Serviio PRO
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-18230
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.12%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 21:15
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP.

Action-Not Available
Vendor-n/aHoneywell International Inc.
Product-hcd8g_firmwarehdz302din-s1_firmwareh4d8pr1h3w4gr1_firmwarehm4l8gr1h3w2gr2hcw4g_firmwarehcw2g_firmwareh3w4gr1h4lggr2hbw4gr1_firmwareh2w2gr1_firmwareh4l6gr2hmbl8gr1hdzp304di_firmwareh3w2gr1v_firmwarehdzp252dihdz302din_firmwareh4w4gr1vhpw2p1h4w4gr1hbw2gr1hdz302deh3w2gr2_firmwareh4l2gr1vhbl6gr2h4l6gr2_firmwarehdz302liwhfd6gr1_firmwarehdz302lik_firmwarehcw4ghbw2gr3_firmwarehdz302de_firmwareh3w2gr1h3w4gr1vhbw4gr1vh2w2gr1hcw2gvhbl2gr1vh3w4gr1v_firmwarehdz302dhbd8gr1_firmwareh4w2gr1_firmwareh4w4gr1v_firmwarehbw2gr3hdzp304dih4w2gr2hbl6gr2_firmwarehfd6gr1hdz302likhmbl8gr1_firmwarehdzp252di_firmwarehcw2gh4l2gr1hbl2gr1hdz302d_firmwarehcw2gv_firmwarehcd8ghm4l8gr1_firmwareh4w2gr2_firmwareh4l2gr1v_firmwareh4d8gr1h4w2gr1v_firmwareh4w2gr1vh4w2gr1hfd5pr1_firmwarehbd8gr1h4d8pr1_firmwareh4lggr2_firmwarehbw4gr1h3w2gr1vhdz302din-c1hpw2p1_firmwarehbw2gr1vhbw2gr3vhbl2gr1_firmwarehdz302din-s1hbw2gr1v_firmwareh3w2gr1_firmwarehbw2gr1_firmwarehbw2gr3v_firmwareh4w4gr1_firmwareh4l2gr1_firmwarehcl2gv_firmwarehfd8gr1_firmwarehbw4gr1v_firmwarehfd8gr1hdz302din-c1_firmwarehdz302liw_firmwarehbl2gr1v_firmwarehdz302dinhcl2gvhcl2g_firmwareh4d8gr1_firmwarehcl2ghfd5pr1Honeywell equIP & Performance series IP cameras
CWE ID-CWE-306
Missing Authentication for Critical Function
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found