CVE-2022-36158

Name: CVE-2022-36158
Creator: NVD / NIST
Published: 2022-09-26T11:15:09.483+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8/10EPSS 1.43%

Last modified Jun 17, 2026

CVE-2022-36158 is a high-severity vulnerability rated 8/10 on the CVSS scale. Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi).. EPSS estimates a 1.43% chance of exploitation in the next 30 days.

Description

Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi).

Metrics

CVSS 3.1

8/10

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.43%

69.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Contec	Fxa3000 Firmware	<= 1.13.00
Contec	Fxa3020 Firmware	<= 1.13.00
Contec	Fxa3200 Firmware	<= 1.13.00
Contec	Fxa2000 Firmware	< 1.39.00

References

https://gist.github.com/Nwqda/aac33d1936d2b514a3268f145345abb4Broken Link, Third Party Advisory
https://jvn.jp/en/vu/JVNVU98305100/Patch, Third Party Advisory
https://samy.link/blog/contec-flexlan-fxa2000-and-fxa3000-series-vulnerability-repoExploit, Mitigation, Third Party Advisory
https://www.contec.com/products-services/computer-networking/flexlan-fx/fx-accesspoint/fxa3200/feature/#sectionProduct
https://gist.github.com/Nwqda/aac33d1936d2b514a3268f145345abb4Broken Link, Third Party Advisory
https://jvn.jp/en/vu/JVNVU98305100/Patch, Third Party Advisory
https://samy.link/blog/contec-flexlan-fxa2000-and-fxa3000-series-vulnerability-repoExploit, Mitigation, Third Party Advisory
https://www.contec.com/products-services/computer-networking/flexlan-fx/fx-accesspoint/fxa3200/feature/#sectionProduct

Timeline

Published: Sep 26, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-36158?

How severe is CVE-2022-36158?

CVE-2022-36158 has a CVSS score of 8/10 (HIGH severity). The EPSS model estimates a 1.43% probability of exploitation in the next 30 days.

How do I fix CVE-2022-36158?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-36158?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST