CVE-2022-40939

Name: CVE-2022-40939
Creator: NVD / NIST
Published: 2022-12-08T17:15:10.493+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.9/10EPSS 0.44%

Last modified Jun 17, 2026

CVE-2022-40939 is a medium-severity vulnerability rated 4.9/10 on the CVSS scale. In certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A, V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217.. EPSS estimates a 0.44% chance of exploitation in the next 30 days.

Description

In certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A, V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217.

Metrics

CVSS 3.1

4.9/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.44%

35.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Secu	Secustation Firmware	2.3.4.1301-m20-tsa-b20150617a
Secu	Secustation Firmware	2.3.4.2103-s50-ntd-b20170508b
Secu	Secustation Firmware	2.5.5.2601-s50-tsa-b20151229a
Secu	Secustation Firmware	2.5.5.3116-s50-rxa-b20180502a
Secu	Secustation Firmware	2.5.5.3116-s50-sma-b20170217
Secu	Secustation Firmware	2.5.5.3116-s50-sma-b20171107a
Secu	Secustation Firmware	2.5.5.3116-s50-sma-b20190723a
Secu	Secustation Firmware	2.5.5.3116-s50-smb-b20160601a
Secu	Secustation Firmware	2.5.5.3116-s50-smb-b20161012a

References

https://cdsbz.gitbook.io/untitled/secustion-camera-vulnerability-recurrenceExploit, Third Party Advisory
https://cdsbz.gitbook.io/untitled/secustion-camera-vulnerability-recurrenceExploit, Third Party Advisory

Timeline

Published: Dec 8, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-40939?

How severe is CVE-2022-40939?

CVE-2022-40939 has a CVSS score of 4.9/10 (MEDIUM severity). The EPSS model estimates a 0.44% probability of exploitation in the next 30 days.

How do I fix CVE-2022-40939?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-40939?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST