CVE-2022-34534

High

Published: 19 July 2022

Modified: 21 November 2024
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.2888 (96.7th percentile)
Risk Priority: 32 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-34534 is a high-severity vulnerability, with an unspecified weakness type, in DW Spectrum Server firmware. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 3.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2022-34534 is an information disclosure vulnerability in Digital Watchdog DW Spectrum Server 4.2.0.32842. The flaw permits access to sensitive information through a specially crafted API call, as reflected in its CVSS 3.1 score of 7.5 with a network attack vector, low complexity, and no authentication or user interaction requirements.

Unauthenticated remote attackers can exploit the issue over the network to retrieve confidential data from the affected server component. The EPSS score stands at 0.2888 with an identical recorded peak, indicating moderate exploitation probability without evidence of a rising trajectory after disclosure.

Public references consist of technical proof-of-concept material hosted on gist.github.com, but no vendor advisory, patch details, or mitigation guidance is provided in the available inputs.

Vulnerability details

Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive information via a crafted API call.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: dw
Product: spectrum server firmware
Version: 4.2.0.32842

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
