CVE-2022-32967

The DASH function of RTL8111EP-CG/RTL8111FP-CG has a hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during a system reboot triggered by another user to acquire partial system information such as serial number and server information.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 2.1 LOW | PHYSICAL | LOW | NONE | CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
| twcert | CNA | 2.1 LOW | PHYSICAL | LOW | NONE | CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
| CVE | ADP | --- | --- | | | |
| CISA-ADP | ADP | --- | --- | | | |

EPSS Score percentile: 18%

| Vendor | Product | Version |
|---|---|---|
| realtek | rtl8111ep-cg_firmware | 𝑥 ≤ 3.0.0.2019090 |
| realtek | rtl8111ep-cg_firmware | 5.0.10 |
| realtek | rtl8111fp-cg_firmware | 𝑥 ≤ 3.0.0.2019090 |
| realtek | rtl8111fp-cg_firmware | 5.0.10 |

𝑥 = Vulnerable software versions