CVE-2022-32967

EUVD-2022-36033
The RTL8111EP-CG/RTL8111FP-CG DASH function has a hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during a system reboot triggered by another user to acquire partial system information, such as the serial number and server information.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 2.1 LOW | PHYSICAL | LOW | NONE | CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
| twcert | CNA | 2.1 LOW | PHYSICAL | LOW | NONE | CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |

EPSS Score
Percentile: 44%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| realtek | rtl8111ep-cg_firmware | 𝑥 ≤ 3.0.0.2019090 |
| realtek | rtl8111ep-cg_firmware | 5.0.10 |
| realtek | rtl8111fp-cg_firmware | 𝑥 ≤ 3.0.0.2019090 |
| realtek | rtl8111fp-cg_firmware | 5.0.10 |

𝑥 = Vulnerable software versions