CVE-2023-38379

Name of the Vulnerable Software and Affected Versions RIGOL MSO5000 digital oscilloscope version 00.01.03.00.03

Description The issue allows remote attackers to change the admin password via a zero-length password to the "webcontrol changepwd.cgi" application. This means the entered password only needs to match the first zero characters of the saved password.

Recommendations For RIGOL MSO5000 digital oscilloscope version 00.01.03.00.03, consider disabling access to the webcontrol changepwd.cgi application until a patch is available. Restrict access to the admin interface to minimize the risk of exploitation. Avoid using the default admin password and ensure that all passwords are complex and not easily guessable.