CVE-2022-24657

Опубликовано: 20 июл. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol (port 22).

Ссылки

https://github.com/goldshellminer/firmware
Third Party Advisory
https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/
Exploit
Mitigation
Third Party Advisory
https://github.com/goldshellminer/firmware
Third Party Advisory
https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:goldshell:goldshell_miner_firmware:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 2.2.1 (включая)

EPSS

Процентиль: 60%

0.00398

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-798

Связанные уязвимости

GHSA-mw5h-pmch-3mmm