← volver
CVE-2026-22097

Missing firmware validation allows remote code execution

CVSS 9.3 CRITICALCWE-347
Vexday Risk Score
25Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.3EPSS KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 jul 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arbitrary code execution.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Productos afectados
EVbee · DC-80