Vulnerabilities > CVE-2021-38759 - Insecure Default Initialization of Resource vulnerability in Raspberrypi Raspberry PI OS Lite 5.10
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 |
Common Weakness Enumeration (CWE)
References
- https://www.raspberrypi.com/documentation/computers/configuration.html#change-the-default-password
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-43968
- http://packetstormsecurity.com/files/165211/Raspberry-Pi-5.10-Default-Credentials.html
- https://arstechnica.com/gadgets/2022/04/raspberry-pi-os-axes-longstanding-default-user-account-in-the-name-of-security/