CVE-2022-35582: Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has ...

Description

Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device and therefore are considered an undocumented possibility for remote control.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.74%

50.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-798

Affected Software

Vendor	Product	Versions
Pentasecurity	Wapples	4.0.0
Pentasecurity	Wapples	5.0.0.0
Pentasecurity	Wapples	5.0.12.0

References

Timeline

Published: Sep 13, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-35582?

Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device and therefore are considered an undocumented possibility for remote control.

How severe is CVE-2022-35582?

CVE-2022-35582 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.74% probability of exploitation in the next 30 days.

How do I fix CVE-2022-35582?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.