Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)
References
Link | Resource |
---|---|
https://github.com/lukejenkins/CVE-2022-24693 | Third Party Advisory |
https://img.baicells.com/Upload/20210909/FILE/98d2752f-6e83-49b1-9dab-d291e9023db6.pdf | Release Notes Third Party Advisory |
https://na.baicells.com/Service/Firmware | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-30T01:43:18
Updated: 2022-03-30T01:43:18
Reserved: 2022-02-09T00:00:00
Link: CVE-2022-24693
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-30T02:15:08.960
Modified: 2022-04-07T16:08:03.983
Link: CVE-2022-24693
JSON object: View
Redhat Information
No data.
CWE