Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)
References
Link | Resource |
---|---|
https://github.com/lukejenkins/CVE-2022-24693 | Third Party Advisory |
https://img.baicells.com/Upload/20210909/FILE/98d2752f-6e83-49b1-9dab-d291e9023db6.pdf | Release Notes Third Party Advisory |
https://na.baicells.com/Service/Firmware | Vendor Advisory |
Configurations
History
07 Apr 2022, 16:08
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.8
v3 : 9.8 |
CWE | CWE-798 | |
CPE | cpe:2.3:o:baicells:nova436q_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:baicells:neutrino_430:-:*:*:*:*:*:*:* cpe:2.3:o:baicells:neutrino_430_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:baicells:nova436q:-:*:*:*:*:*:*:* |
|
References | (MISC) https://na.baicells.com/Service/Firmware - Vendor Advisory | |
References | (MISC) https://github.com/lukejenkins/CVE-2022-24693 - Third Party Advisory | |
References | (MISC) https://img.baicells.com/Upload/20210909/FILE/98d2752f-6e83-49b1-9dab-d291e9023db6.pdf - Release Notes, Third Party Advisory | |
First Time |
Baicells neutrino 430 Firmware
Baicells neutrino 430 Baicells nova436q Baicells nova436q Firmware Baicells |
30 Mar 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-30 02:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-24693
Mitre link : CVE-2022-24693
CVE.ORG link : CVE-2022-24693
JSON object : View
Products Affected
baicells
- neutrino_430_firmware
- nova436q
- nova436q_firmware
- neutrino_430
CWE
CWE-798
Use of Hard-coded Credentials