Remote Access Vulnerability in Innomic Devices
CVE-2022-50975

8.8HIGH

Key Information:

Vendor: Innomic
Status: Vibroline Vlx1 Hd 5.0; Vibroline Vlx2 Hd 5.0; Vibroline Vlx4 Hd 5.0; Vibroline Vlx6 Hd 5.0
Vendor: CVE Published:; 2 February 2026

What is CVE-2022-50975?

An unauthenticated remote attacker can exploit a flaw in Innomic devices, allowing them to leverage an existing session ID of a logged-in user. If ethernet configuration is enabled, this vulnerability can provide the attacker with full access to the device, potentially leading to unauthorized control and data exposure. Users are encouraged to review their device settings and apply security best practices to mitigate this risk.

Affected Version(s)

AvibiaLine AVLX1 HD 5.0 2.1.1340 <= 2.1.1387

AvibiaLine AVLX2 HD 5.0 2.1.1340 <= 2.1.1387

AvibiaLine AVLX4 HD 5.0 2.1.1340 <= 2.1.1387

References

https://www.innomic.com/.well-known/csaf/white/2026/ids-2...

vendor-advisory

https://www.innomic.com/.well-known/csaf/white/2026/ids-2...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2026
Vulnerability Reserved
Jan 12, 2026

CVE-2022-50975 Data

JSON