CVE-2022-31395

8.8 HIGH

📋 TL;DR

This vulnerability allows attackers to perform directory traversal attacks on Algo Communication Products Ltd. 8373 IP Zone Paging Adapter devices. Attackers can access arbitrary files on the system by sending specially crafted web requests to the /fm-data.lua endpoint. Organizations using these devices with vulnerable firmware are affected.

💻 Affected Systems

Products:
  • Algo Communication Products Ltd. 8373 IP Zone Paging Adapter
Versions: Firmware version 1.7.6
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the vulnerable firmware version are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to read sensitive files, modify device configuration, or potentially execute arbitrary code leading to device takeover.

🟠

Likely Case

Unauthorized access to sensitive configuration files, credentials, or system information that could enable further attacks.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing external exploitation.

🌐 Internet-Facing: HIGH - Web interface is typically exposed and vulnerable to unauthenticated attacks.
🏢 Internal Only: HIGH - Even internally, the vulnerability can be exploited by malicious insiders or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only web access to the device and knowledge of the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor for latest firmware version

Vendor Advisory: https://www.algosolutions.com/security-advisories/

Restart Required: Yes

Instructions:

1. Log into device web interface
2. Navigate to firmware update section
3. Download latest firmware from vendor portal
4. Upload and apply firmware update
5. Reboot device after update completes

🔧 Temporary Workarounds

Network Access Restriction

Restrict network access to the device web interface

iptables -A INPUT -p tcp --dport 80 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

Web Interface Disable

Disable web interface if not required for operations

service httpd stop
chkconfig httpd off

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected devices from untrusted networks
  • Deploy web application firewall (WAF) rules to block directory traversal patterns

🔍 How to Verify

Check if Vulnerable:

Check firmware version in web interface under System > Firmware or via SSH using 'cat /etc/version'

Check Version:

cat /etc/version || grep firmware /web/config

Verify Fix Applied:

Verify firmware version is updated beyond 1.7.6 and test /fm-data.lua endpoint with traversal attempts

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /fm-data.lua with ../ patterns
  • Unauthorized file access attempts in system logs

Network Indicators:

  • HTTP requests containing directory traversal sequences (../, ..\, etc.) to port 80/443

SIEM Query:

source="web_logs" AND (uri="/fm-data.lua" AND (request CONTAINS "../" OR request CONTAINS "..\\"))
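The SIEM query above matches only literal "../" and "..\" strings; a request that percent-encodes (or double-encodes) the traversal sequence would slip past it. The following is an added detection example, not code from the original page or from the vendor: it parses constructed combined-format access log lines, decodes the request target repeatedly (bounded), and flags requests to /fm-data.lua that contain a traversal sequence in any encoding. The query parameter name "name" in the sample lines is a placeholder.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined-log style); not from a real device.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /fm-data.lua?name=../../../ HTTP/1.1" 200 2048
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /fm-data.lua?name=%2e%2e%2f%2e%2e%2f HTTP/1.1" 200 2048
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /fm-data.lua?name=%252e%252e%252f HTTP/1.1" 200 100
10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET /fm-data.lua?name=status HTTP/1.1" 200 300
10.0.0.9 - - [01/Jan/2024:10:00:06 +0000] "GET /other.lua?name=../ HTTP/1.1" 404 10
"""

# Extracts the request line from a combined-format log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Traversal sequences with either separator, checked after decoding.
TRAVERSAL_RE = re.compile(r'(\.\./|\.\.\\)')


def normalize(target: str, rounds: int = 3) -> str:
    """Percent-decode up to `rounds` times so double-encoded sequences are seen."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def is_traversal_attempt(target: str) -> bool:
    """True if the decoded request targets /fm-data.lua and carries ../ or ..\\ ."""
    decoded = normalize(target)
    path = decoded.split("?", 1)[0].lower()
    if not path.startswith("/fm-data.lua"):
        return False
    return TRAVERSAL_RE.search(decoded) is not None


def find_traversal_hits(log_text: str) -> list[dict]:
    """Return one record per log line that looks like a traversal attempt."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and is_traversal_attempt(m.group("target")):
            hits.append({"client": line.split()[0], "target": m.group("target")})
    return hits


if __name__ == "__main__":
    for hit in find_traversal_hits(SAMPLE_LOG):
        print(f"{hit['client']} -> {hit['target']}")
```

Requests to other paths are deliberately ignored to stay aligned with the endpoint-scoped SIEM query; widen the path check if the device logs show the same handler reachable under other URLs.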
