CVE-2022-43442

Plaintext storage of a password vulnerability exists in +F FS040U software versions v2.3.4 and earlier, which may allow an attacker to obtain the login password of +F FS040U and log in to the management console.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/102.html
• https://cwe.mitre.org/data/definitions/474.html
• https://cwe.mitre.org/data/definitions/50.html
• https://cwe.mitre.org/data/definitions/509.html
• https://cwe.mitre.org/data/definitions/551.html
• https://cwe.mitre.org/data/definitions/555.html
• https://cwe.mitre.org/data/definitions/560.html
• https://cwe.mitre.org/data/definitions/561.html
• https://cwe.mitre.org/data/definitions/600.html
• https://cwe.mitre.org/data/definitions/644.html
• https://cwe.mitre.org/data/definitions/645.html
• https://cwe.mitre.org/data/definitions/652.html
• https://cwe.mitre.org/data/definitions/653.html

References

• https://jvn.jp/en/jp/JVN74285622/index.html
• https://www.fsi.co.jp/mobile/plusF/news/22102801.html
• https://www.fsi.co.jp/mobile/plusF/news/22102802.html
• https://www.fsi.co.jp/mobile/plusF/news/22102803.html
• https://www.fsi.co.jp/mobile/plusF/news/22102804.html
• https://jvn.jp/en/jp/JVN74285622/index.html
• https://www.fsi.co.jp/mobile/plusF/news/22102801.html
• https://www.fsi.co.jp/mobile/plusF/news/22102802.html
• https://www.fsi.co.jp/mobile/plusF/news/22102803.html
• https://www.fsi.co.jp/mobile/plusF/news/22102804.html