Vulnerability Details CVE-2023-38379
The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.6%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2023-38379
-
cpe:2.3:h:rigol:mso5000:-
-
cpe:2.3:o:rigol:mso5000_firmware:00.01.03.00.03