□ Overview
o Neo Information Systems Co., Ltd released security update to address remote access and manipulation vulnerability because of improper access control in NIS-HAP11AC.
□ Description
o This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service.
o Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device.
□ Affected Product
□ Solution
o Update software over Home AP NIS-HAP11AC V4.2-B20220530142945 version or higher.
□ Reference
[1] http://www.neoinfosys.com/
□ Acknowledgements
o Thanks to YoungWoo KWON for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀
o Neo Information Systems Co., Ltd released security update to address remote access and manipulation vulnerability because of improper access control in NIS-HAP11AC.
| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
|---|---|---|---|---|
| Improper Access Control | privilege extortion, file download and etc. |
High | 8.8 | CVE-2022-23768 |
□ Description
o This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service.
o Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device.
□ Affected Product
| Product | Version | Platform |
|---|---|---|
| Home AP NIS-HAP11AC | V3.0-B20201117095902 | Windows, Android and etc. |
□ Solution
o Update software over Home AP NIS-HAP11AC V4.2-B20220530142945 version or higher.
□ Reference
[1] http://www.neoinfosys.com/
□ Acknowledgements
o Thanks to YoungWoo KWON for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀