Remote Code Execution Vulnerability in RIGOL MSO5000 Digital Oscilloscope

Remote Code Execution Vulnerability in RIGOL MSO5000 Digital Oscilloscope

CVE-2023-38378 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application.

Learn more about our Web App Pen Testing.