CVE-2022-24693 - OpenCVE

Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:C/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Baicells	Nova436q Nova436q Firmware Neutrino 430 Firmware Neutrino 430

Configuration 1 [-]

AND

cpe:2.3:o:baicells:nova436q_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:baicells:nova436q:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:baicells:neutrino_430_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:baicells:neutrino_430:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/lukejenkins/CVE-2022-24693	Third Party Advisory
https://img.baicells.com/Upload/20210909/FILE/98d2752f-6e83-49b1-9dab-d291e9023db6.pdf	Release Notes Third Party Advisory
https://na.baicells.com/Service/Firmware	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-03-30T01:43:18

Updated: 2022-03-30T01:43:18

Reserved: 2022-02-09T00:00:00

Link: CVE-2022-24693

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-03-30T02:15:08.960

Modified: 2022-04-07T16:08:03.983

Link: CVE-2022-24693

JSON object: View

Redhat Information

No data.

CWE

CWE-798

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-30T01:43:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://na.baicells.com/Service/Firmware"}, {"tags": ["x_refsource_MISC"], "url": "https://img.baicells.com/Upload/20210909/FILE/98d2752f-6e83-49b1-9dab-d291e9023db6.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/lukejenkins/CVE-2022-24693"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-24693", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://na.baicells.com/Service/Firmware", "refsource": "MISC", "url": "https://na.baicells.com/Service/Firmware"}, {"name": "https://img.baicells.com/Upload/20210909/FILE/98d2752f-6e83-49b1-9dab-d291e9023db6.pdf", "refsource": "MISC", "url": "https://img.baicells.com/Upload/20210909/FILE/98d2752f-6e83-49b1-9dab-d291e9023db6.pdf"}, {"name": "https://github.com/lukejenkins/CVE-2022-24693", "refsource": "MISC", "url": "https://github.com/lukejenkins/CVE-2022-24693"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-24693", "datePublished": "2022-03-30T01:43:18", "dateReserved": "2022-02-09T00:00:00", "dateUpdated": "2022-03-30T01:43:18", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baicells:nova436q_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A946299-1B2C-47DC-A845-7EA1357971C0", "versionEndIncluding": "qrtb_2.7.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baicells:nova436q:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFF872E4-C1A1-4C60-B0CC-3958A99A7E6C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baicells:neutrino_430_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0A759BD-7BA5-442B-85DD-9CFB2FD90244", "versionEndIncluding": "qrtb_2.7.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baicells:neutrino_430:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F525B37-6593-4534-932D-89C7D28B3C10", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)"}, {"lang": "es", "value": "Los dispositivos Baicells Nova436Q y Neutrino 430 con versiones de firmware hasta QRTB 2.7.8, presentan credenciales embebidas que son f\u00e1cilmente detectadas, y pueden ser usadas por atacantes remotos para autenticarse por medio de ssh. (Las credenciales son almacenadas en el firmware, encriptadas por la funci\u00f3n crypt)"}], "id": "CVE-2022-24693", "lastModified": "2022-04-07T16:08:03.983", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-30T02:15:08.960", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/lukejenkins/CVE-2022-24693"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://img.baicells.com/Upload/20210909/FILE/98d2752f-6e83-49b1-9dab-d291e9023db6.pdf"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://na.baicells.com/Service/Firmware"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}