CVE-2022-28223

moderate-risk
Published 2022-03-30

Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin.

Do I need to act?

-
0.83% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.1/10 Critical
NETWORK / LOW complexity

Affected Products (8)

Kio Firmware
Kio-1M Firmware
Kio-2Mrs Firmware
Kio-2M Firmware
Kio-2Ms Firmware
Kio-2Md Firmware
Kio-8\(4\) Firmware
Kio-8\(4\)L Firmware

Affected Vendors

Tekon

References (2)

https://medium.com/%40bertinjoseb/post-auth-rce-based-in-malicious-lua-plugin-sc...
https://medium.com/%40bertinjoseb/post-auth-rce-based-in-malicious-lua-plugin-sc...
48
/ 100
moderate-risk
Severity 31/34 · Critical
Exploitability 3/34 · Minimal
Exposure 14/34 · Moderate