PT-2023-26389 · Rigol · Rigol Mso5000

Tortel.Li · Published 2023-07-16 · Updated 2023-07-26 · CVE-2023-38378

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RIGOL MSO5000 digital oscilloscope version 00.01.03.00.03

Description

The issue allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the "webcontrol changepwd.cgi" application. This is a problem with the web interface.

Recommendations

For version 00.01.03.00.03, consider disabling access to the "webcontrol changepwd.cgi" application until a fix is available. Restrict input for the pass1 variable to prevent shell metacharacter injection. At the moment, there is no information about a newer version that contains a fix for this issue.
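
Both recommendations can be enforced in front of the instrument, for example in a filtering reverse proxy. The sketch below is an added example, not vendor code or part of the advisory; the /cgi-bin/ path, the 32-character limit and the allowed character set are assumptions to adapt locally.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed policy: letters, digits and "_.-" only, 1 to 32 characters.
SAFE_PASS1 = re.compile(r"[A-Za-z0-9_.-]{1,32}")
TARGET = "changepwd.cgi"  # application name taken from the advisory


def check_request(url, body="", block_endpoint=False):
    """Return (allowed, reason) for one HTTP request bound for the device."""
    parts = urlsplit(url)
    # Decode the path first so an encoded spelling such as change%70wd.cgi
    # cannot slip past the comparison.
    if TARGET not in unquote(parts.path).lower():
        return True, "not the affected application"
    if block_endpoint:
        return False, "changepwd.cgi disabled until a fix is available"
    # pass1 may arrive in the query string or in a form-encoded body.
    # parse_qs percent-decodes, so the allow-list sees the decoded value.
    fields = parse_qs(parts.query, keep_blank_values=True)
    for key, vals in parse_qs(body, keep_blank_values=True).items():
        fields.setdefault(key, []).extend(vals)
    values = fields.get("pass1", [])
    if len(values) != 1:
        # A repeated parameter could let the proxy and the CGI disagree
        # about which value is used, so refuse it outright.
        return False, "pass1 missing or repeated"
    if not SAFE_PASS1.fullmatch(values[0]):
        return False, "pass1 contains characters outside the allow-list"
    return True, "pass1 within allow-list"


if __name__ == "__main__":
    # Constructed sample requests (path and field values are illustrative).
    samples = [
        ("/index.html", ""),
        ("/cgi-bin/changepwd.cgi", "pass0=old&pass1=New-pass.1"),
        ("/cgi-bin/changepwd.cgi", "pass1=new%3Bpw"),
        ("/cgi-bin/changepwd.cgi?pass1=ok", "pass1=ok2"),
    ]
    for url, body in samples:
        print(url, body, check_request(url, body))
```

Calling check_request with block_endpoint=True implements the first recommendation (no access to the application at all); the default implements the second.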

Weakness Enumeration: OS Command Injection

Related Identifiers: CVE-2023-38378

Affected Products: Rigol Mso5000