CVE-2022-24693

Published: Mar 30, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)

Affected (2)

Products: Baicells: Nova436q Firmware, Neutrino 430 Firmware

2 products

Nova436q Firmware

Neutrino 430 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Baicells Nova436q Firmware	Up to qrtb_2.7.8

Running on/with	Platform Versions
Baicells Nova436q	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Baicells Neutrino 430 Firmware	Up to qrtb_2.7.8

Running on/with	Platform Versions
Baicells Neutrino 430	All versions

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (6)

https://github.com/lukejenkins/CVE-2022-24693

Source: cve@mitre.org

Third Party Advisory

https://img.baicells.com/Upload/20210909/FILE/98d2752f-6e83-49b1-9dab-d291e9023db6.pdf

Source: cve@mitre.org

Release NotesThird Party Advisory

https://na.baicells.com/Service/Firmware

Source: cve@mitre.org

Vendor Advisory

https://github.com/lukejenkins/CVE-2022-24693

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://img.baicells.com/Upload/20210909/FILE/98d2752f-6e83-49b1-9dab-d291e9023db6.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://na.baicells.com/Service/Firmware

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.