← Zuruck zu CVEs
CVE-2023-38378
CRITICAL9.8
Beschreibung
The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht7/16/2023
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
rigol:mso5000rigol:mso5000_firmware
Schwachen (CWE)
CWE-78
Referenzen
https://news.ycombinator.com/item?id=36745664(cve@mitre.org)
https://tortel.li/post/insecure-scope/(cve@mitre.org)
https://news.ycombinator.com/item?id=36745664(af854a3a-2127-422b-91ae-364da2661108)
https://tortel.li/post/insecure-scope/(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.