HOMEVULNERABILITIESCVE-2022-27438
HIGH

CVE-2022-27438

CWE-494Published: June 6, 2022· Updated: Jul 9, 2026

8.1
CVSS v3.1

Official Description

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.

NVD Source

Technical Analysis

CVE-2022-27438 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 8.1.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityHigh
Privileges Req.None
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Vendors & Products

3cx2 product(s)
call flow designercrm template generator
boom1 product(s)
boomtv streamer portal
caphyon1 product(s)
advanced installer
codesector2 product(s)
direct foldersteracopy
emeditor1 product(s)
emeditor
flamory1 product(s)
flamory
freesnippingtool1 product(s)
free snipping tool
fxsound1 product(s)
fxsound
gainedge1 product(s)
better explorer
gamecaster1 product(s)
gamecaster
getmailbird1 product(s)
mailbird
guzogo1 product(s)
guzogo
honeygain1 product(s)
honeygain
jki1 product(s)
vi package manager
jpsoft1 product(s)
take command
krylack6 product(s)
archive password recoveryasterisks password decryptorburning suiterar password recoveryvolume serial number editorzip password recovery
moonsoftware1 product(s)
password agent
nefarius1 product(s)
scptoolkit
plagiarismcheckerx1 product(s)
plagiarism checker x
prusa3d1 product(s)
prusaslicer
Source: NVD CPE · 99 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (4)

Quick Facts

CVE IDCVE-2022-27438
CVSS Score8.1 / 10
SeverityHIGH
WeaknessCWE-494
CISA KEVNo
Affected20 vendor(s)
PublishedJun 6, 2022

Related CVEs (CWE-494)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2022-27438 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.