CVE-2022-32967

Published: Nov 29, 2022Modified: Nov 21, 2024

2.1

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 0.7 / Impact: 1.4

Source: twcert@cert.org.tw (Secondary)

Description

RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information.

Affected (4)

Products: Realtek: Rtl8111ep Cg Firmware, Rtl8111fp Cg Firmware

2 products

Rtl8111ep Cg Firmware

Rtl8111fp Cg Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Realtek Rtl8111ep Cg Firmware	Up to 3.0.0.2019090
Realtek Rtl8111ep Cg Firmware	Version 5.0.10

Running on/with	Platform Versions
Realtek Rtl8111ep Cg	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Realtek Rtl8111fp Cg Firmware	Up to 3.0.0.2019090
Realtek Rtl8111fp Cg Firmware	Version 5.0.10

Running on/with	Platform Versions
Realtek Rtl8111fp Cg	All versions

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.