
 

24 March 2022
Critical vulnerability TLStorm

Subject: CVE-2022-22805 – (CVSS 9.0) TLS buffer overflow, CVE-2022-22806 – (CVSS 9.0) TLS authentication bypass, CVE-2022-0715 – (CVSS 8.9) Unsigned firmware upgrade that can be updated over the network (RCE). 

CVE-2022-22805 – (CVSS 9.0) TLS buffer overflow: A memory corruption bug in packet reassembly (RCE). 

CVE-2022-22806 – (CVSS 9.0) TLS authentication bypass: A state confusion in the TLS handshake leads to an authentication bypass, which in turn allows remote code execution (RCE) through a network firmware upgrade.

CVE-2022-0715 – (CVSS 8.9) Unsigned firmware upgrade that can be updated over the network (RCE). 

Firmware versions 2.xx and 3.xx, available for Netman 204, are not affected by CVE-2022-22805, CVE-2022-22806 and CVE-2022-0715.

Riello UPS assures its customers that none of the listed vulnerabilities affects the Netman 204 network card or any of its UPS units.

 
