Vulnerabilities > CVE-2023-38379 - Unspecified vulnerability in Rigol Mso5000 Firmware 00.01.03.00.03

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

rigol

NVD

Published: 2023-07-16

Updated: 2024-10-30

Summary

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password.

Vulnerable Configurations

Part	Description	Count
OS	Rigol Rigol Mso5000 Firmware 00.01.03.00.03	1
Hardware	Rigol Rigol Mso5000 -	1

References

https://tortel.li/post/insecure-scope/
https://news.ycombinator.com/item?id=36745664