CVE-2023-24022

moderate-risk
Published 2023-01-26

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)

Do I need to act?

-
0.83% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
10
CVSS 10.0/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Rtd Firmware
Rts Firmware

Affected Vendors

Baicells

References (6)

Patch https://baicells.zendesk.com/hc/en-us/articles/6188324645780-2023-1-17-Hard-Code...
Release Notes https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6.IMG.IMG
Release Notes https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6_Changelog.PDF....
Patch https://baicells.zendesk.com/hc/en-us/articles/6188324645780-2023-1-17-Hard-Code...
Release Notes https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6.IMG.IMG
Release Notes https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6_Changelog.PDF....
43
/ 100
moderate-risk
Severity 33/34 · Critical
Exploitability 3/34 · Minimal
Exposure 7/34 · Low