PT-2023-26389 · Rigol · Rigol Mso5000

Tortel.Li · Published 2023-07-16 · Updated 2023-07-26 · CVE-2023-38378

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RIGOL MSO5000 digital oscilloscope version 00.01.03.00.03

Description

The issue allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the "webcontrol changepwd.cgi" application. This is a problem with the web interface.

Recommendations

For version 00.01.03.00.03, consider disabling access to the "webcontrol changepwd.cgi" application until a fix is available. Restrict input for the pass1 variable to prevent shell metacharacter injection. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related identifiers

CVE-2023-38378

Affected products

Rigol Mso5000