9.8

CVE-2023-2504





Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BirddogA300 Firmware Version3.4
   BirddogA300 Version-
BirddogMini Firmware Version2.6.2
   BirddogMini Version-
Birddog4k Quad Firmware Version4.5.181
   Birddog4k Quad Version-
Birddog4k Quad Firmware Version4.5.196
   Birddog4k Quad Version-
BirddogStudio R3 Firmware Version3.6.4
   BirddogStudio R3 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.06% 0.191
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ics-cert@hq.dhs.gov 8.4 2.5 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-11
Third Party Advisory
US Government Resource