- What is the severity of CVE-2022-1039?
- CVE-2022-1039 has been scored as a critical severity vulnerability.
- How to fix CVE-2022-1039?
- As a workaround for remediating CVE-2022-1039: Red Lion notes the DA50N series product is at end-of-life and does not intend to release a software update to address these vulnerabilities. Users are encouraged to apply workarounds and mitigations or upgrade their device to DA50A and DA70A. Red Lion has provided the following workarounds to help mitigate the risk of these vulnerabilities: Do not install image files that are obtained from sources other than the official Red Lion website. When downloading images from Red Lion’s website, ensure the validity of the server’s TLS certificate. If package files or images are to be stored before deployment, ensure they are stored in a secure manner. Minimize the risk of unauthorized installation via SD card by limiting physical access to the device. Ensure the default UI password is changed to one meeting standard security practices. Change the admin, rlcuser and techsup account passwords from their default values. Disable the SSH service and keep the telnet service disabled if they are not required. Do not re‐use the same password for securing multiple resources. Limit access to configuration files that contain valuable credentials. Ensure the use of secure credentials when configuring optional services. Enable only the minimum set of optional services required for the application.
- Is CVE-2022-1039 being actively exploited in the wild?
- As for now, there are no information to confirm that CVE-2022-1039 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
- What software or system is affected by CVE-2022-1039?
- CVE-2022-1039 affects Red Lion DA50N.