Vulnerability Details CVE-2021-38759
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.446
EPSS Ranking 97.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://packetstormsecurity.com/files/165211/Raspberry-Pi-5.10-Default-Credentials.html
- https://arstechnica.com/gadgets/2022/04/raspberry-pi-os-axes-longstanding-default-user-account-in-the-name-of-security/
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-43968
- https://www.raspberrypi.com/documentation/computers/configuration.html#change-the-default-password
- http://packetstormsecurity.com/files/165211/Raspberry-Pi-5.10-Default-Credentials.html
- https://arstechnica.com/gadgets/2022/04/raspberry-pi-os-axes-longstanding-default-user-account-in-the-name-of-security/
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-43968
- https://www.raspberrypi.com/documentation/computers/configuration.html#change-the-default-password
Products affected by CVE-2021-38759
-
cpe:2.3:o:raspberrypi:raspberry_pi_os_lite:-
-
cpe:2.3:o:raspberrypi:raspberry_pi_os_lite:5.10