Home

Description

The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arbitrary code execution.

PUBLISHED Reserved 2026-01-06 | Published 2026-07-13 | Updated 2026-07-13 | Assigner DIVD




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Problem types

CWE-347

Product status

Default status
unaffected

Any version before 1.5.1
affected

Credits

Wilco van Beijnum (ElaadNL) finder

Jeroen van der Ham-de Vos (DIVD) analyst

References

csirt.divd.nl/DIVD-2026-00001/ third-party-advisory

cve.org (CVE-2026-22097)

nvd.nist.gov (CVE-2026-22097)

Download JSON