CVE-2026-22097
Missing firmware validation allows remote code execution
Vexday Risk Score
25Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.3EPSS —KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
13 jul 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arbitrary code execution.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Productos afectados
EVbee · DC-80Referencias
https://csirt.divd.nl/DIVD-2026-00001/