CVE-2022-36782
CVE-2022-36782 is a medium-severity vulnerability in Pal-es Palgate with a CVSS 3.x base score of 5.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 3.x base score 5.9)
- EPSS exploit prediction: 0% (33rd percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Pal-es Palgate
- Published:
- Last modified:
Description
Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerability is an authorization problem in PalGate device management android client app. Gates of bulidings and parking lots with a simple button in any smartphone. The API was found after a decompiling and static research using Jadx, and a dynamic analasys using Frida. The attacker can iterate over all the IOT devices to see every entry and exit, on every gate and device all over the world, he can also scrape the server and create a user's DB with full names and phone number of over 2.8 million users, and to see all of the users' movement in and out of gates, even in real time.
Frequently asked questions
- What is CVE-2022-36782?
- Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerability is an authorization problem in PalGate device management android client app. Gates of bulidings and parking lots with a simple button in any smartphone. The API was found after a decompiling and static research using Jadx, and a dynamic analasys using Frida. The attacker can iterate over all the IOT devices to see every entry and exit, on every gate and device all over the world, he can also scrape the server and create a user's DB with full names and phone number of over 2.8 million users, and to see all of the users' movement in and out of gates, even in real time.
- How severe is CVE-2022-36782?
- CVE-2022-36782 has a CVSS 3.x base score of 5.9, rated medium severity. It is exploitable over an adjacent network with low attack complexity, requires low privileges and user interaction. Impact on confidentiality is low, integrity low, and availability low.
- Is CVE-2022-36782 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (33rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-36782?
- CVE-2022-36782 affects Pal-es Palgate. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2022-36782?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2022-36782 published?
- CVE-2022-36782 was published on 2022-09-13 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:pal-es:palgate:-:*:*:*:*:android:*:*