Rigol · Rigol MSO5000 · CVE-2023-38378
**Name of the Vulnerable Software and Affected Versions**
RIGOL MSO5000 digital oscilloscope version 00.01.03.00.03
**Description**
Remote attackers can execute arbitrary code by supplying shell metacharacters in the `pass1` variable sent to the "webcontrol changepwd.cgi" application. The flaw is in the device's web interface.
**Recommendations**
For version 00.01.03.00.03, consider disabling access to the "webcontrol changepwd.cgi" application until a fix is available. Restrict input for the `pass1` variable to prevent shell metacharacter injection. At the moment, there is no information about a newer version that contains a fix for this issue.
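The input restriction recommended above, as an added example (not RIGOL firmware code; the page does not describe how the firmware handles `pass1`). It goes one step beyond the recommendation by also handing the value to a helper without involving a shell. The function names, the 32-character limit, the allowed character set and the helper program are all assumptions made for illustration.

```c
/* Added example: hypothetical handler logic, not RIGOL firmware code. */
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define PASS1_MAX 32 /* assumed length limit */

/* Allowlist check: accept only characters that have no meaning to a shell. */
int pass1_is_acceptable(const char *s) {
    static const char allowed[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.@-";
    size_t n;
    if (s == NULL) return 0;
    n = strlen(s);
    return n >= 1 && n <= PASS1_MAX && strspn(s, allowed) == n;
}

/* Run `helper` (hypothetical program) with no shell involved. The value is
 * written to its stdin, so it is never parsed as a command line or option. */
int run_helper_with_stdin(const char *helper, const char *value) {
    int fd[2], status;
    pid_t pid;
    ssize_t w;
    char *const argv[] = { (char *)helper, NULL };
    char *const envp[] = { NULL };           /* empty environment */
    if (pipe(fd) < 0) return -1;
    signal(SIGPIPE, SIG_IGN);                /* helper may exit before reading */
    pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {
        if (fd[0] != STDIN_FILENO) { dup2(fd[0], STDIN_FILENO); close(fd[0]); }
        close(fd[1]);
        execve(helper, argv, envp);
        _exit(127);                          /* exec failed */
    }
    close(fd[0]);
    w = write(fd[1], value, strlen(value)); (void)w;
    close(fd[1]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Returns -2 when pass1 is rejected, otherwise the helper's exit status. */
int change_password(const char *helper, const char *pass1) {
    if (!pass1_is_acceptable(pass1)) return -2;
    return run_helper_with_stdin(helper, pass1);
}
```

Rejecting by allowlist rather than stripping known metacharacters keeps the check correct even for characters a blocklist would miss.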