CVE-2022-45914

Published: Nov 27, 2022

Modified: Apr 29, 2025

PUBLISHED

Description

The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.youtube.com/watch?v=FQRMNjZVlHg

20221208 SEC Consult SA-20221201-0 :: Replay attacks & Displaying arbitrary contents in Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol (electronic shelf labels)

mailing-list

http://packetstormsecurity.com/files/170177/Zhuhai-Suny-Technology-ESL-Tag-Forgery-Replay-Attacks.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-45914

Description

Affected Products

References