CVE-2022-50981 PUBLISHED

Multiple Innomic VibroLine VLX HD 5.0 and avibia AVLX weak password requirements

Assigner: CERTVDE
Reserved: 12.01.2026 Published: 02.02.2026 Updated: 02.02.2026

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Innomic
Product	VibroLine VLX1 HD 5.0
Versions	Default: unaffected affected from 2.1.1340 to 2.1.1387 (incl.) Version 2.1.1866 is affected

Vendor	Innomic
Product	VibroLine VLX2 HD 5.0
Versions	Default: unaffected affected from 2.1.1340 to 2.1.1387 (incl.) Version 2.1.1866 is affected

Vendor	Innomic
Product	VibroLine VLX4 HD 5.0
Versions	Default: unaffected affected from 2.1.1340 to 2.1.1387 (incl.) Version 2.1.1866 is affected

Vendor	Innomic
Product	VibroLine VLX6 HD 5.0
Versions	Default: unaffected affected from 2.1.1340 to 2.1.1387 (incl.) Version 2.1.1866 is affected

Vendor	Innomic
Product	VibroLine VLX8 HD 5.0
Versions	Default: unaffected affected from 2.1.1340 to 2.1.1387 (incl.) Version 2.1.1866 is affected

Vendor	avibia
Product	AvibiaLine AVLX1 HD 5.0
Versions	Default: unaffected affected from 2.1.1340 to 2.1.1387 (incl.) Version 2.1.1866 is affected

Vendor	avibia
Product	AvibiaLine AVLX2 HD 5.0
Versions	Default: unaffected affected from 2.1.1340 to 2.1.1387 (incl.) Version 2.1.1866 is affected

Vendor	avibia
Product	AvibiaLine AVLX4 HD 5.0
Versions	Default: unaffected affected from 2.1.1340 to 2.1.1387 (incl.) Version 2.1.1866 is affected

Vendor	avibia
Product	AvibiaLine AVLX6 HD 5.0
Versions	Default: unaffected affected from 2.1.1340 to 2.1.1387 (incl.) Version 2.1.1866 is affected

Vendor	avibia
Product	AvibiaLine AVLX8 HD 5.0
Versions	Default: unaffected affected from 2.1.1340 to 2.1.1387 (incl.) Version 2.1.1866 is affected

Vendor	Innomic
Product	VibroLine VLE1 HD 5.0
Versions	Default: unaffected unaffected from 2.1.1340 to 2.1.1387 (incl.)

Vendor	Innomic
Product	VibroLine VLE2 HD 5.0
Versions	Default: unaffected unaffected from 2.1.1340 to 2.1.1387 (incl.)

Vendor	Innomic
Product	VibroLine VLE4 HD 5.0
Versions	Default: unaffected unaffected from 2.1.1340 to 2.1.1387 (incl.)

Vendor	Innomic
Product	VibroLine VLE6 HD 5.0
Versions	Default: unaffected unaffected from 2.1.1340 to 2.1.1387 (incl.)

Vendor	Innomic
Product	VibroLine VLE8 HD 5.0
Versions	Default: unaffected unaffected from 2.1.1340 to 2.1.1387 (incl.)

Vendor	avibia
Product	AvibiaLine AVLE1 HD 5.0
Versions	Default: unaffected unaffected from 2.1.1340 to 2.1.1387 (incl.) Version 2.1.1866 is unaffected

Vendor	avibia
Product	AvibiaLine AVLE2 HD 5.0
Versions	Default: unaffected unaffected from 2.1.1340 to 2.1.1387 (incl.) Version 2.1.1866 is unaffected

Vendor	avibia
Product	AvibiaLine AVLE4 HD 5.0
Versions	Default: unaffected unaffected from 2.1.1340 to 2.1.1387 (incl.) Version 2.1.1866 is unaffected

Vendor	avibia
Product	AvibiaLine AVLE6 HD 5.0
Versions	Default: unaffected unaffected from 2.1.1340 to 2.1.1387 (incl.) Version 2.1.1866 is unaffected

Vendor	avibia
Product	AvibiaLine AVLE8 HD 5.0
Versions	Default: unaffected unaffected from 2.1.1340 to 2.1.1387 (incl.) Version 2.1.1866 is unaffected

Vendor	Innomic
Product	VibroLine VLE1 HD 5.0
Versions	Default: unaffected Version 2.1.1866 is unaffected

Vendor	Innomic
Product	VibroLine VLE2 HD 5.0
Versions	Default: unaffected Version 2.1.1866 is unaffected

Vendor	Innomic
Product	VibroLine VLE4 HD 5.0
Versions	Default: unaffected Version 2.1.1866 is unaffected

Vendor	Innomic
Product	VibroLine VLE6 HD 5.0
Versions	Default: unaffected Version 2.1.1866 is unaffected

Vendor	Innomic
Product	VibroLine VLE8 HD 5.0
Versions	Default: unaffected Version 2.1.1866 is unaffected

Vendor	Innomic
Product	VibroLine VLE1 HD 4.0
Versions	Default: unaffected unaffected from 1.4.1074 to 1.4.1116 (incl.)

Vendor	Innomic
Product	VibroLine VLE2 HD 4.0
Versions	Default: unaffected unaffected from 1.4.1074 to 1.4.1116 (incl.)

Vendor	Innomic
Product	VibroLine VLE4 HD 4.0
Versions	Default: unaffected unaffected from 1.4.1074 to 1.4.1116 (incl.)

Vendor	Innomic
Product	VibroLine VLE6 HD 4.0
Versions	Default: unaffected unaffected from 1.4.1074 to 1.4.1116 (incl.)

Vendor	Innomic
Product	VibroLine VLE8 HD 4.0
Versions	Default: unaffected unaffected from 1.4.1074 to 1.4.1116 (incl.)

Vendor	Innomic
Product	VibroLine VLX1 HD 4.0
Versions	Default: unaffected unaffected from 1.5.1074 to 1.5.1116 (incl.)

Vendor	Innomic
Product	VibroLine VLX2 HD 4.0
Versions	Default: unaffected unaffected from 1.5.1074 to 1.5.1116 (incl.)

Vendor	Innomic
Product	VibroLine VLX4 HD 4.0
Versions	Default: unaffected unaffected from 1.5.1074 to 1.5.1116 (incl.)

Vendor	Innomic
Product	VibroLine VLX6 HD 4.0
Versions	Default: unaffected unaffected from 1.5.1074 to 1.5.1116 (incl.)

Vendor	Innomic
Product	VibroLine VLX8 HD 4.0
Versions	Default: unaffected unaffected from 1.5.1074 to 1.5.1116 (incl.)

References

Problem Types

CWE-306 Missing Authentication for Critical Function CWE