{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-24022", "assignerOrgId": "084566ad-deee-4e89-acff-6b7b1bf9d4b7", "state": "PUBLISHED", "assignerShortName": "Baicells", "dateReserved": "2023-01-20T19:38:53.748Z", "datePublished": "2023-01-24T15:51:17.731Z", "dateUpdated": "2025-04-02T13:35:30.752Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "3.7.11.3", "platforms": ["RTS"], "product": "Nova 227", "vendor": "Baicells", "versions": [{"changes": [{"at": "3.7.11.6", "status": "unaffected"}], "lessThanOrEqual": "3.7.11.3", "status": "affected", "version": "0", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "packageName": "3.7.11.3", "platforms": ["RTS"], "product": "Nova 233", "vendor": "Baicells", "versions": [{"changes": [{"at": "3.7.11.6", "status": "unaffected"}], "lessThanOrEqual": "3.7.11.3", "status": "affected", "version": "0", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "packageName": "3.7.11.3", "platforms": ["RTS"], "product": "Nova 243", "vendor": "Baicells", "versions": [{"changes": [{"at": "3.7.11.6 ", "status": "unaffected"}], "lessThanOrEqual": "3.7.11.3", "status": "affected", "version": "0", "versionType": "patch"}]}], "credits": [{"lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Baicells Security Team"}, {"lang": "en", "type": "analyst", "user": "00000000-0000-4000-9000-000000000000", "value": "Baicells Support Manager Blake Volk "}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) </span><br>"}], "value": "Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) \n"}], "impacts": [{"capecId": "CAPEC-395", "descriptions": [{"lang": "en", "value": "CAPEC-395 Bypassing Electronic Locks and Access Controls"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "084566ad-deee-4e89-acff-6b7b1bf9d4b7", "shortName": "Baicells", "dateUpdated": "2023-01-26T06:03:10.975Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://baicells.zendesk.com/hc/en-us/articles/6188324645780-2023-1-17-Hard-Coded-Credential-Crypt-Vulnerability"}, {"tags": ["patch"], "url": "https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6.IMG.IMG"}, {"tags": ["release-notes"], "url": "https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6_Changelog.PDF.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Baicells recommends that all customers currently running an earlier version of RTS/RTD upgrade their products to the 3.7.11.6 firmware.</span><br>"}], "value": "Baicells recommends that all customers currently running an earlier version of RTS/RTD upgrade their products to the 3.7.11.6 firmware.\n"}], "source": {"discovery": "INTERNAL"}, "title": "Hard Coded Credential Crypt Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:49:08.917Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://baicells.zendesk.com/hc/en-us/articles/6188324645780-2023-1-17-Hard-Coded-Credential-Crypt-Vulnerability"}, {"tags": ["patch", "x_transferred"], "url": "https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6.IMG.IMG"}, {"tags": ["release-notes", "x_transferred"], "url": "https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6_Changelog.PDF.pdf"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-02T13:35:16.997346Z", "id": "CVE-2023-24022", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-02T13:35:30.752Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://baicells.zendesk.com/hc/en-us/articles/6188324645780-2023-1-17-Hard-Coded-Credential-Crypt-Vulnerability", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6.IMG.IMG", "tags": ["patch", "x_transferred"]}, {"url": "https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6_Changelog.PDF.pdf", "tags": ["release-notes", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:49:08.917Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-24022", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-02T13:35:16.997346Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-02T13:35:22.186Z"}}], "cna": {"title": "Hard Coded Credential Crypt Vulnerability", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Baicells Security Team"}, {"lang": "en", "type": "analyst", "user": "00000000-0000-4000-9000-000000000000", "value": "Baicells Support Manager Blake Volk "}], "impacts": [{"capecId": "CAPEC-395", "descriptions": [{"lang": "en", "value": "CAPEC-395 Bypassing Electronic Locks and Access Controls"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Baicells", "product": "Nova 227", "versions": [{"status": "affected", "changes": [{"at": "3.7.11.6", "status": "unaffected"}], "version": "0", "versionType": "patch", "lessThanOrEqual": "3.7.11.3"}], "platforms": ["RTS"], "packageName": "3.7.11.3", "defaultStatus": "unaffected"}, {"vendor": "Baicells", "product": "Nova 233", "versions": [{"status": "affected", "changes": [{"at": "3.7.11.6", "status": "unaffected"}], "version": "0", "versionType": "patch", "lessThanOrEqual": "3.7.11.3"}], "platforms": ["RTS"], "packageName": "3.7.11.3", "defaultStatus": "unaffected"}, {"vendor": "Baicells", "product": "Nova 243", "versions": [{"status": "affected", "changes": [{"at": "3.7.11.6 ", "status": "unaffected"}], "version": "0", "versionType": "patch", "lessThanOrEqual": "3.7.11.3"}], "platforms": ["RTS"], "packageName": "3.7.11.3", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Baicells recommends that all customers currently running an earlier version of RTS/RTD upgrade their products to the 3.7.11.6 firmware.\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Baicells recommends that all customers currently running an earlier version of RTS/RTD upgrade their products to the 3.7.11.6 firmware.</span><br>", "base64": false}]}], "references": [{"url": "https://baicells.zendesk.com/hc/en-us/articles/6188324645780-2023-1-17-Hard-Coded-Credential-Crypt-Vulnerability", "tags": ["vendor-advisory"]}, {"url": "https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6.IMG.IMG", "tags": ["patch"]}, {"url": "https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6_Changelog.PDF.pdf", "tags": ["release-notes"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) \n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) </span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "084566ad-deee-4e89-acff-6b7b1bf9d4b7", "shortName": "Baicells", "dateUpdated": "2023-01-26T06:03:10.975Z"}}}, "cveMetadata": {"cveId": "CVE-2023-24022", "state": "PUBLISHED", "dateUpdated": "2025-04-02T13:35:30.752Z", "dateReserved": "2023-01-20T19:38:53.748Z", "assignerOrgId": "084566ad-deee-4e89-acff-6b7b1bf9d4b7", "datePublished": "2023-01-24T15:51:17.731Z", "assignerShortName": "Baicells"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baicells:rtd_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "148B43F9-03E6-43FC-9631-94EAFB4497FB", "versionEndExcluding": "3.7.11.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:baicells:rts_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB305C49-EC84-4C16-B961-1DAA3BC6B108", "versionEndExcluding": "3.7.11.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baicells:nova227:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FF244C0-5EC5-41ED-8474-23097129A903", "vulnerable": false}, {"criteria": "cpe:2.3:h:baicells:nova233:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9943901-505F-495E-8B83-B6D50E2ECD26", "vulnerable": false}, {"criteria": "cpe:2.3:h:baicells:nova243:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3A7D0D1-2ADE-4EB6-B2C4-060528D60598", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) \n"}, {"lang": "es", "value": "Los dispositivos Baicells Nova 227, Nova 233 y Nova 243 LTE TDD eNodeB con firmware hasta RTS/RTD 3.7.11.3 tienen credenciales codificadas que se descubren f\u00e1cilmente y pueden ser utilizadas por atacantes remotos para autenticarse a trav\u00e9s de ssh. (Las credenciales se almacenan en el firmware, cifradas mediante la funci\u00f3n de cripta)."}], "id": "CVE-2023-24022", "lastModified": "2024-11-21T07:47:16.470", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security@baicells.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-26T21:18:15.593", "references": [{"source": "security@baicells.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://baicells.zendesk.com/hc/en-us/articles/6188324645780-2023-1-17-Hard-Coded-Credential-Crypt-Vulnerability"}, {"source": "security@baicells.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6.IMG.IMG"}, {"source": "security@baicells.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6_Changelog.PDF.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://baicells.zendesk.com/hc/en-us/articles/6188324645780-2023-1-17-Hard-Coded-Credential-Crypt-Vulnerability"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6.IMG.IMG"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6_Changelog.PDF.pdf"}], "sourceIdentifier": "security@baicells.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security@baicells.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}