CVE-2022-24693 - OpenCVE

Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Baicells	Neutrino 430 Neutrino 430 Firmware Nova436q Nova436q Firmware

Configuration 1 [-]

AND

cpe:2.3:o:baicells:nova436q_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:baicells:nova436q:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:baicells:neutrino_430_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:baicells:neutrino_430:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/lukejenkins/CVE-2022-24693
https://img.baicells.com/Upload/20210909/FILE/98d2752f-6e83-49b1-9dab-d291e9023db6.pdf
https://na.baicells.com/Service/Firmware

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-03-30T01:43:18

Updated: 2024-08-03T04:20:50.191Z

Reserved: 2022-02-09T00:00:00

Link: CVE-2022-24693

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-03-30T02:15:08.960

Modified: 2022-04-07T16:08:03.983

Link: CVE-2022-24693

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-30T01:43:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://na.baicells.com/Service/Firmware"}, {"tags": ["x_refsource_MISC"], "url": "https://img.baicells.com/Upload/20210909/FILE/98d2752f-6e83-49b1-9dab-d291e9023db6.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/lukejenkins/CVE-2022-24693"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-24693", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://na.baicells.com/Service/Firmware", "refsource": "MISC", "url": "https://na.baicells.com/Service/Firmware"}, {"name": "https://img.baicells.com/Upload/20210909/FILE/98d2752f-6e83-49b1-9dab-d291e9023db6.pdf", "refsource": "MISC", "url": "https://img.baicells.com/Upload/20210909/FILE/98d2752f-6e83-49b1-9dab-d291e9023db6.pdf"}, {"name": "https://github.com/lukejenkins/CVE-2022-24693", "refsource": "MISC", "url": "https://github.com/lukejenkins/CVE-2022-24693"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:20:50.191Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://na.baicells.com/Service/Firmware"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://img.baicells.com/Upload/20210909/FILE/98d2752f-6e83-49b1-9dab-d291e9023db6.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/lukejenkins/CVE-2022-24693"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-24693", "datePublished": "2022-03-30T01:43:18", "dateReserved": "2022-02-09T00:00:00", "dateUpdated": "2024-08-03T04:20:50.191Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baicells:nova436q_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A946299-1B2C-47DC-A845-7EA1357971C0", "versionEndIncluding": "qrtb_2.7.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baicells:nova436q:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFF872E4-C1A1-4C60-B0CC-3958A99A7E6C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baicells:neutrino_430_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0A759BD-7BA5-442B-85DD-9CFB2FD90244", "versionEndIncluding": "qrtb_2.7.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baicells:neutrino_430:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F525B37-6593-4534-932D-89C7D28B3C10", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)"}, {"lang": "es", "value": "Los dispositivos Baicells Nova436Q y Neutrino 430 con versiones de firmware hasta QRTB 2.7.8, presentan credenciales embebidas que son f\u00e1cilmente detectadas, y pueden ser usadas por atacantes remotos para autenticarse por medio de ssh. (Las credenciales son almacenadas en el firmware, encriptadas por la funci\u00f3n crypt)"}], "id": "CVE-2022-24693", "lastModified": "2022-04-07T16:08:03.983", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-30T02:15:08.960", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/lukejenkins/CVE-2022-24693"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://img.baicells.com/Upload/20210909/FILE/98d2752f-6e83-49b1-9dab-d291e9023db6.pdf"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://na.baicells.com/Service/Firmware"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}