CVE-2022-40266

Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.

Published: Nov 24, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-40266
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
mitsubishielectric / got2000_gt27_firmware	-	01.39.000.x
mitsubishielectric / got2000_gt25_firmware	-	01.39.000.x
mitsubishielectric / got2000_gt23_firmware	-	01.39.000.x

https://jvn.jp/vu/JVNVU95633416
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf

Vulnerability Database

290,020

CVE-2022-40266