Remote Password Change Vulnerability in RIGOL MSO5000 Digital Oscilloscope

Remote Password Change Vulnerability in RIGOL MSO5000 Digital Oscilloscope

CVE-2023-38379 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password.

Learn more about our Web App Pen Testing.