Lucene search

MitreCVE-2023-38379

HistoryJul 16, 2023 - 5:15 p.m.

CVE-2023-38379

2023-07-1617:15:09

mitre

web.nvd.nist.gov

rigol

mso5000

oscilloscope

web interface

firmware

vulnerability

cve-2023-38379

password change

remote access

security issue

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

45.9%

JSON

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password.

Affected configurations

Nvd

Node

rigolmso5000_firmwareMatch00.01.03.00.03

AND

rigolmso5000Match-

VendorProductVersionCPE
rigolmso5000_firmware00.01.03.00.03cpe:2.3:o:rigol:mso5000_firmware:00.01.03.00.03:*:*:*:*:*:*:*
rigolmso5000-cpe:2.3:h:rigol:mso5000:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rigol	mso5000_firmware	00.01.03.00.03	cpe:2.3:o:rigol:mso5000_firmware:00.01.03.00.03:::::::*
rigol	mso5000	-	cpe:2.3:h:rigol:mso5000:-:::::::*

References

news.ycombinator.com/item?id=36745664

tortel.li/post/insecure-scope/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

45.9%

JSON

Related for CVE-2023-38379