Aggregates CVE and security vulnerability intelligence across all infiray-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow and related problems; some flaws may lead to vendor impact memory corruption, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-31211 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default. | [email protected] | 9.8 | 1.46% | 2022-07-17 | 2026-06-17 |
| CVE-2022-31210 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts. | [email protected] | 9.8 | 1.00% | 2022-07-17 | 2026-06-17 |
| CVE-2022-31209 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand. | [email protected] | 9.8 | 1.15% | 2022-07-17 | 2026-06-17 |
| CVE-2022-31208 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter. | [email protected] | 8.8 | 1.30% | 2022-07-17 | 2026-06-17 |