CVE-2022-34534
Published: 19 July 2022
Summary
CVE-2022-34534 is a high-severity vulnerability of unspecified weakness type in DW Spectrum Server Firmware. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 3.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2022-34534 is an information disclosure vulnerability in Digital Watchdog DW Spectrum Server 4.2.0.32842. The flaw permits access to sensitive information through a specially crafted API call, as reflected in its CVSS 3.1 score of 7.5 with a network attack vector, low complexity, and no authentication or user interaction requirements.
Unauthenticated remote attackers can exploit the issue over the network to retrieve confidential data from the affected server component. The EPSS score stands at 0.2888 with an identical recorded peak, indicating moderate exploitation probability without evidence of a rising trajectory after disclosure.
Public references consist of technical proof-of-concept material hosted on gist.github.com, but no vendor advisory, patch details, or mitigation guidance is provided in the available inputs.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-37487
Vulnerability details
Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive information via a crafted API call.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.