CVE-2022-42787

Name: CVE-2022-42787
Creator: NVD / NIST
Published: 2022-11-10T12:15:10.927+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 0.73%

Last modified Jun 17, 2026

CVE-2022-42787 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. EPSS estimates a 0.73% chance of exploitation in the next 30 days.

Description

Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

0.73%

49.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Wut	At-Modem-Emulator Firmware	< 1.48
Wut	Com-Server \+\+ Firmware	< 1.48
Wut	Com-Server 20ma Firmware	< 1.48
Wut	Com-Server Highspeed 100basefx Firmware	< 1.76
Wut	Com-Server Highspeed 100baselx Firmware	< 1.76
Wut	Com-Server Highspeed 19\" 1port Firmware	< 1.76
Wut	Com-Server Highspeed 19\" 4port Firmware	< 1.76
Wut	Com-Server Highspeed Compact Firmware	< 1.76
Wut	Com-Server Highspeed Industry Firmware	< 1.76
Wut	Com-Server Highspeed Isolated Firmware	< 1.76
Wut	Com-Server Highspeed Oem Firmware	< 1.76
Wut	Com-Server Highspeed Office 1port Firmware	< 1.76
Wut	Com-Server Highspeed Office 4port Firmware	< 1.76
Wut	Com-Server Highspeed Poe Firmware	< 1.76
Wut	Com-Server Highspeed Lc Firmware	< 1.48
Wut	Com-Server Highspeed Ul Firmware	< 1.48
Wut	Com-Server Highspeed Poe 3x Isolated Firmware	< 1.48

References

https://cert.vde.com/de/advisories/VDE-2022-043Vendor Advisory
https://cert.vde.com/de/advisories/VDE-2022-043Vendor Advisory

Timeline

Published: Nov 10, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-42787?

How severe is CVE-2022-42787?

CVE-2022-42787 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.73% probability of exploitation in the next 30 days.

How do I fix CVE-2022-42787?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-42787?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST