This issue is rated High severity because it can be exploited to perform remote command execution or to gain elevated privileges on the affected device. In addition, remote attackers can exploit this vulnerability to conduct man-in-the-middle attacks and spy on the affected device.

The X-Force research team discovered that Smart eVision has improper privilege management, which remote attackers can exploit to conduct malicious activities such as remote code execution, session hijacking, or information theft. X-Force tested various versions of this software and found that version 7.2.1 has this critical privilege management vulnerability. This version is widely used in public places such as hotels, airports, and coffee shops. Therefore, if you are using this software in public places, we recommend you update to the latest version as soon as possible.

Summary

Smart eVision software has a privilege management vulnerability that can be exploited to perform remote code execution, session hijacking, or information theft. The vulnerable version is 7.2.1, and it is widely used in public places such as hotels, airports, and coffee shops.

A flaw was found in Smart eVision software that may allow an attacker to perform remote code execution or gain elevated privileges on the affected device. In addition, remote attackers can exploit this vulnerability to conduct man-in-the-middle attacks and spy on the affected device. It affects Smart eVision version 7.2.1, which is widely used in public places such as hotels, airports, and coffee shops.

Check if your device is vulnerable to CVE-2022-39032

You can check whether your device is affected by this vulnerability by following the steps below:
1. Open the "Settings" app on your device.
2. Tap "Device Administration".
3. Check if "Smart eVision Device Management" is turned on.
4. If you see at least one of the devices listed, you have enabled Smart eVision Device Management and are affected by this vulnerability.

Vulnerability Details

CVE-2022-39032 is a privilege management vulnerability in Smart eVision 7.2.1 that attackers can exploit to perform unauthorized actions on the affected device. An attacker can exploit this vulnerability through multiple methods, such as a man-in-the-middle attack or spying on the affected device.

How to update the software

To update this software, follow these steps:
1. Download Smart eVision 7.2.1 from the official website, smartevision.com.
2. Unzip Smart eVision 7.2.1 on your computer and double-click on the zip file.
3. Follow the instructions in the window to install the software.
4. When installation is finished, reboot your computer.
5. Run Smart eVision and check that the new version is properly installed.

Timeline

Published on: 09/28/2022 04:15:00 UTC
Last modified on: 09/28/2022 23:45:00 UTC
