cvedb.io
CVE-2022-2102
CRITICAL · CVSS 9.4
EPSS exploitation probability: 0%
Published 2022-06-24T15:15:10.450 · Last modified 2026-06-17T04:41:17.120

Summary

Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.

Affected products

secheron — sepcos_control_and_protection_relay_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when secheron ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.