2022-03-30 Hard Coded Credential Crypt Vulnerability

Blake Volk

Updated March 30, 2022 21:40

Advisory ID:

CVE-2022-24693

First Published:

2022 March 30

Last Updated:

2022 March 30

Workarounds:

Upgrade to QRTB 2.9.10 code or later

Summary:

Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) More information regarding CVE-2022-24693 can be reviewed here: CVE-2022-24693

Affected Products:

Nova 436Q
Nova 430e
Nova 430i
Neutrino 430

Resolution:

Baicells has resolved CVE-2022-24693 in software version 2.9.10 and later. Baicells recommends that all customers currently running an earlier version of QRTB upgrade their products to the 2.9.10 firmware.

2022-03-30 Hard Coded Credential Crypt Vulnerability

Comments

<%= previousTitle %>

<%= nextTitle %>

In this article

<% if (!block.description) { %> <%= block.name %> <% } else { %> <%= block.name %> <% } %>

Get in touch

<% if (!block.description) { %> <%= block.name %> <% } else { %> <%= block.name %> <% } %>

Still have questions?

Categories

Toggle navigation menu

<%= category.name %>