Описание
Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)
Ссылки
- Third Party Advisory
- Release NotesThird Party Advisory
- Vendor Advisory
- Third Party Advisory
- Release NotesThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до qrtb_2.7.8 (включая)
Одновременно
cpe:2.3:o:baicells:nova436q_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:baicells:nova436q:-:*:*:*:*:*:*:*
Конфигурация 2Версия до qrtb_2.7.8 (включая)
Одновременно
cpe:2.3:o:baicells:neutrino_430_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:baicells:neutrino_430:-:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01281
Низкий
9.8 Critical
CVSS3
7.8 High
CVSS2
Дефекты
CWE-798
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)
EPSS
Процентиль: 79%
0.01281
Низкий
9.8 Critical
CVSS3
7.8 High
CVSS2
Дефекты
CWE-798