Vulnerability Details CVE-2022-27632
Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operations by having a user to view a specially crafted page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
Products affected by CVE-2022-27632
-
cpe:2.3:h:meikyo:poe_boot_nino_poe8m2:-
-
cpe:2.3:h:meikyo:pose_se10-8a7b1:-
-
cpe:2.3:h:meikyo:signage_rebooter_rpc-m4hsi:-
-
cpe:2.3:h:meikyo:time_boot_mini_rsc-mt4h:-
-
cpe:2.3:h:meikyo:time_boot_mini_rsc-mt4hs:-
-
cpe:2.3:h:meikyo:time_boot_rsc-mt8f:-
-
cpe:2.3:h:meikyo:time_boot_rsc-mt8fp:-
-
cpe:2.3:h:meikyo:time_boot_rsc-mt8fs:-
-
cpe:2.3:h:meikyo:watch_boot_l-zero_rpc-m4l:-
-
cpe:2.3:h:meikyo:watch_boot_l-zero_rpc-m4ls:-
-
cpe:2.3:h:meikyo:watch_boot_light_rpc-m5c:-
-
cpe:2.3:h:meikyo:watch_boot_light_rpc-m5cs:-
-
cpe:2.3:h:meikyo:watch_boot_mini_rpc-m4h:-
-
cpe:2.3:h:meikyo:watch_boot_nino_rpc-m2c:-
-
cpe:2.3:h:meikyo:watch_boot_nino_rpc-m2cs:-
-
cpe:2.3:o:meikyo:poe_boot_nino_poe8m2_firmware:*
-
cpe:2.3:o:meikyo:pose_se10-8a7b1_firmware:*
-
cpe:2.3:o:meikyo:pose_se10-8a7b1_firmware:-
-
cpe:2.3:o:meikyo:signage_rebooter_rpc-m4hsi_firmware:1.00a
-
cpe:2.3:o:meikyo:time_boot_mini_rsc-mt4h_firmware:-
-
cpe:2.3:o:meikyo:time_boot_mini_rsc-mt4hs_firmware:*
-
cpe:2.3:o:meikyo:time_boot_rsc-mt8f_firmware:-
-
cpe:2.3:o:meikyo:time_boot_rsc-mt8fp_firmware:-
-
cpe:2.3:o:meikyo:time_boot_rsc-mt8fs_firmware:*
-
cpe:2.3:o:meikyo:watch_boot_l-zero_rpc-m4l_firmware:-
-
cpe:2.3:o:meikyo:watch_boot_l-zero_rpc-m4ls_firmware:*
-
cpe:2.3:o:meikyo:watch_boot_light_rpc-m5c_firmware:-
-
cpe:2.3:o:meikyo:watch_boot_light_rpc-m5cs_firmware:*
-
cpe:2.3:o:meikyo:watch_boot_mini_rpc-m4h_firmware:-
-
cpe:2.3:o:meikyo:watch_boot_nino_rpc-m2c_firmware:-
-
cpe:2.3:o:meikyo:watch_boot_nino_rpc-m2cs_firmware:*