CVE-2022-32967 - Vulnerability Details - OpenCVE

RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00076.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Realtek	Rtl8111ep-cg Rtl8111ep-cg Firmware Rtl8111fp-cg Rtl8111fp-cg Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:realtek:rtl8111ep-cg_firmware::::::::
	cpe:2.3:o:realtek:rtl8111ep-cg_firmware:5.0.10:::::::*

cpe:2.3:h:realtek:rtl8111ep-cg:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:realtek:rtl8111fp-cg_firmware::::::::
	cpe:2.3:o:realtek:rtl8111fp-cg_firmware:5.0.10:::::::*

cpe:2.3:h:realtek:rtl8111fp-cg:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-36033	RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information.

Fixes

Solution

Contact tech support from Realtek

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html

History

Wed, 23 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2022-11-29T03:30:27.572Z

Updated: 2025-04-23T14:33:40.929Z

Reserved: 2022-06-10T00:00:00.000Z

Link: CVE-2022-32967

Vulnrichment

Updated: 2024-08-03T07:54:03.438Z

NVD

Status : Modified

Published: 2022-11-29T04:15:10.407

Modified: 2024-11-21T07:07:19.910

Link: CVE-2022-32967

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-32967", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "datePublished": "2022-11-29T03:30:27.572Z", "dateUpdated": "2025-04-23T14:33:40.929Z", "dateReserved": "2022-06-10T00:00:00.000Z"}, "containers": {"cna": {"title": "Realtek RTL8111EP-CG/RTL8111FP-CG - Use of Hard-coded Credentials", "datePublic": "2022-11-29T00:00:00.000Z", "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2022-11-29T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information."}], "affected": [{"vendor": "Realtek", "product": "RTL8111EP-CG", "versions": [{"version": "unspecified", "lessThanOrEqual": "3.0.0.2019090", "status": "affected", "versionType": "custom"}, {"version": "5.0.10", "status": "affected"}]}, {"vendor": "Realtek", "product": "RTL8111FP-CG", "versions": [{"version": "unspecified", "lessThanOrEqual": "3.0.0.2019090", "status": "affected", "versionType": "custom"}, {"version": "5.0.10", "status": "affected"}]}], "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-798 Use of Hard-coded Credentials", "cweId": "CWE-798"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "TVN-202209016", "discovery": "EXTERNAL"}, "solutions": [{"lang": "en", "value": "Contact tech support from Realtek"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:54:03.438Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T14:33:22.899470Z", "id": "CVE-2022-32967", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T14:33:40.929Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:54:03.438Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-32967", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T14:33:22.899470Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T14:33:29.597Z"}}], "cna": {"title": "Realtek RTL8111EP-CG/RTL8111FP-CG - Use of Hard-coded Credentials", "source": {"advisory": "TVN-202209016", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.1, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Realtek", "product": "RTL8111EP-CG", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "3.0.0.2019090"}, {"status": "affected", "version": "5.0.10"}]}, {"vendor": "Realtek", "product": "RTL8111FP-CG", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "3.0.0.2019090"}, {"status": "affected", "version": "5.0.10"}]}], "solutions": [{"lang": "en", "value": "Contact tech support from Realtek"}], "datePublic": "2022-11-29T00:00:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2022-11-29T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-32967", "state": "PUBLISHED", "dateUpdated": "2025-04-23T14:33:40.929Z", "dateReserved": "2022-06-10T00:00:00.000Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2022-11-29T03:30:27.572Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:realtek:rtl8111ep-cg_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FA8CEB9-ECCE-49F9-B681-355F7C7E8D86", "versionEndIncluding": "3.0.0.2019090", "vulnerable": true}, {"criteria": "cpe:2.3:o:realtek:rtl8111ep-cg_firmware:5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "8AD41590-F935-4436-AB30-51ABD7994263", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:realtek:rtl8111ep-cg:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A0FE17D-EEAD-429F-8F45-B48D79AEE66D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:realtek:rtl8111fp-cg_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "798F35FF-351C-43B2-A7EF-828F2A4946D7", "versionEndIncluding": "3.0.0.2019090", "vulnerable": true}, {"criteria": "cpe:2.3:o:realtek:rtl8111fp-cg_firmware:5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "1F43371D-9E6F-4984-B7F0-805B297F3978", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:realtek:rtl8111fp-cg:-:*:*:*:*:*:*:*", "matchCriteriaId": "75EF2626-4CB6-4F11-92D2-29519555B4D8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information."}, {"lang": "es", "value": "La funci\u00f3n DASH RTL8111EP-CG/RTL8111FP-CG tiene una contrase\u00f1a codificada. Un atacante f\u00edsico no autenticado puede utilizar la contrase\u00f1a predeterminada codificada durante el reinicio del sistema activado por otro usuario, para adquirir informaci\u00f3n parcial del sistema, como el n\u00famero de serie y la informaci\u00f3n del servidor."}], "id": "CVE-2022-32967", "lastModified": "2024-11-21T07:07:19.910", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 1.4, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2022-11-29T04:15:10.407", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "twcert@cert.org.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}