Описание
The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password.
Ссылки
- Issue TrackingThird Party Advisory
- ExploitThird Party Advisory
- Issue TrackingThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:rigol:mso5000_firmware:00.01.03.00.03:*:*:*:*:*:*:*
cpe:2.3:h:rigol:mso5000:-:*:*:*:*:*:*:*
EPSS
Процентиль: 20%
0.00066
Низкий
7.5 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-306
Связанные уязвимости
CVSS3: 7.5
github
больше 2 лет назад
The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password.
EPSS
Процентиль: 20%
0.00066
Низкий
7.5 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-306