CVE-2023-38379

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
rigolmso5000_firmware
00.01.03.00.03
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://news.ycombinator.com/item?id=36745664
https://tortel.li/post/insecure-scope/
https://news.ycombinator.com/item?id=36745664
https://tortel.li/post/insecure-scope/