CVE-2023-5719

Name of the Vulnerable Software and Affected Versions The Crimson 3.2

Description The issue arises when the Windows-based configuration tool is used to define new passwords for users, and these passwords contain the percent (%) character. This can lead to invalid values being included, potentially truncating the string if a NUL is encountered. As a result, if the simplified password is not detected by the administrator, the device might be left in a vulnerable state due to more easily compromised credentials. It's noted that passwords entered via the Crimson system web server do not suffer from this issue.

Recommendations For The Crimson 3.2, avoid using passwords that contain the percent (%) character until a fix is available. As a temporary workaround, consider manually reviewing and verifying all passwords defined through the Windows-based configuration tool to ensure they do not contain the percent character, which could lead to compromised credentials.