What is CVE-2022-37122?

CVE-2022-37122 is a vulnerability in N/a. Published 2022-08-31.

Is CVE-2022-37122 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-37122

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter t…

EPSS: 0.709 (98.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

bughuntar/CVE-2022-37122-Exploit
20142995/nuclei-templates
ARPSyndicate/cve-scores
cyb3r-w0lf/nuclei-template-collection

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5709.php (x_refsource_MISC)
www.zeroscience.mk/codes/carelpco_dir.txt (x_refsource_MISC)
packetstormsecurity.com/files/167684/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-37122?: CVE-2022-37122 is a vulnerability in N/a. Published 2022-08-31.
Is CVE-2022-37122 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.