CVE-2022-24693

EPSS 3.27%
Veröffentlicht 30.03.2022 02:15:08
Zuletzt bearbeitet 21.11.2024 06:50:53
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Baicells ≫ Nova436q Firmware Version <= qrtb_2.7.8

Baicells ≫ Nova436q Version-

Baicells ≫ Neutrino 430 Firmware Version <= qrtb_2.7.8

Baicells ≫ Neutrino 430 Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.27%	0.868

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:C/I:N/A:N

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://github.com/lukejenkins/CVE-2022-24693

Third Party Advisory

https://img.baicells.com/Upload/20210909/FILE/98d2752f-6e83-49b1-9dab-d291e9023db6.pdf

Third Party Advisory

Release Notes

https://na.baicells.com/Service/Firmware

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-24693

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-24693

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-24693

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-24693