ID
VAR-202301-2295
CVE
CVE-2023-24022
TITLE
plural Baicells Product use of hardcoded credentials vulnerability
Trust: 0.8
DESCRIPTION
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) . Baicells Nova 227 , Nova 233 , Nova 243 Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Trust: 1.71
IOT TAXONOMY
| category: | ['network device'] | sub_category: | base station | Trust: 0.1 |
AFFECTED PRODUCTS
| vendor: | baicells | model: | rtd | scope: | lt | version: | 3.7.11.6 | Trust: 1.0 |
| vendor: | baicells | model: | rts | scope: | lt | version: | 3.7.11.6 | Trust: 1.0 |
| vendor: | baicells | model: | rtd | scope: | - | version: | - | Trust: 0.8 |
| vendor: | baicells | model: | rts | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-798 | Trust: 1.0 |
| problemtype: | CWE-284 | Trust: 1.0 |
| problemtype: | Use hard-coded credentials (CWE-798) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
trust management problem
Trust: 0.6
PATCH
| title: | 2023-1-17 Hard Coded Credential Crypt Vulnerability BaiCells | url: | https://baicells.zendesk.com/hc/en-us/articles/6188324645780-2023-1-17-Hard-Coded-Credential-Crypt-Vulnerability | Trust: 0.8 |
| title: | Multiple Baicells Nova Repair measures for product trust management problem vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=223880 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-24022 | Trust: 3.4 |
| db: | JVNDB | id: | JVNDB-2023-002616 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202301-1994 | Trust: 0.6 |
| db: | OTHER | id: | NONE | Trust: 0.1 |
| db: | VULMON | id: | CVE-2023-24022 | Trust: 0.1 |
REFERENCES
| url: | https://img.baicells.com//upload/20230118/file/baibs_rts_3.7.11.6.img.img | Trust: 1.7 |
| url: | https://img.baicells.com//upload/20230118/file/baibs_rts_3.7.11.6_changelog.pdf.pdf | Trust: 1.7 |
| url: | https://baicells.zendesk.com/hc/en-us/articles/6188324645780-2023-1-17-hard-coded-credential-crypt-vulnerability | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-24022 | Trust: 1.4 |
| url: | https://cxsecurity.com/cveshow/cve-2023-24022/ | Trust: 0.6 |
| url: | https://ieeexplore.ieee.org/abstract/document/10769424 | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | OTHER | id: | - |
| db: | VULMON | id: | CVE-2023-24022 |
| db: | JVNDB | id: | JVNDB-2023-002616 |
| db: | CNNVD | id: | CNNVD-202301-1994 |
| db: | NVD | id: | CVE-2023-24022 |
LAST UPDATE DATE
2025-01-30T22:03:08.891000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2023-24022 | date: | 2023-01-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-002616 | date: | 2023-07-21T07:58:00 |
| db: | CNNVD | id: | CNNVD-202301-1994 | date: | 2023-02-06T00:00:00 |
| db: | NVD | id: | CVE-2023-24022 | date: | 2023-11-07T04:08:15.733 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2023-24022 | date: | 2023-01-26T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-002616 | date: | 2023-07-21T00:00:00 |
| db: | CNNVD | id: | CNNVD-202301-1994 | date: | 2023-01-26T00:00:00 |
| db: | NVD | id: | CVE-2023-24022 | date: | 2023-01-26T21:18:15.593 |