CVE-2022-40494

Source
https://cve.org/CVERecord?id=CVE-2022-40494
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40494.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-40494
Published
2022-10-06T00:00:00Z
Modified
2026-07-15T01:49:07.114899465Z
Summary
[none]
Details

NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/40xxx/CVE-2022-40494.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "v0.26.10"
                }
            ],
            "source": "DESCRIPTION"
        }
    ],
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/ehang-io/nps

Affected ranges

Type
GIT
Repo
https://github.com/ehang-io/nps
Events
Database specific
{
    "cpe": "cpe:2.3:a:ehang-io:nps:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.19.0"
        },
        {
            "last_affected": "0.26.10"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

v0.*
v0.19.0
v0.19.1
v0.19.2
v0.20.0
v0.20.1
v0.20.2
v0.21.0
v0.21.1
v0.21.2
v0.22.0
v0.22.1
v0.22.2
v0.22.3
v0.22.4
v0.22.5
v0.23.0
v0.23.1
v0.23.2
v0.24.0
v0.25.0
v0.25.1
v0.25.2
v0.25.3
v0.25.4
v0.26.0
v0.26.1
v0.26.10
v0.26.2
v0.26.3
v0.26.4
v0.26.5
v0.26.6
v0.26.7
v0.26.8
v0.26.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40494.json"