Vulnerabilities > CVE-2021-38759 - Insecure Default Initialization of Resource vulnerability in Raspberrypi Raspberry PI OS Lite 5.10
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 |
Common Weakness Enumeration (CWE)
References
- https://www.raspberrypi.com/documentation/computers/configuration.html#change-the-default-password
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-43968
- http://packetstormsecurity.com/files/165211/Raspberry-Pi-5.10-Default-Credentials.html
- https://arstechnica.com/gadgets/2022/04/raspberry-pi-os-axes-longstanding-default-user-account-in-the-name-of-security/