Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.5 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| birddog | a300_firmware | 3.4 |
| birddog | 4k_quad_firmware | 4.5.181 |
| birddog | mini_firmware | 2.6.2 |
| birddog | 4k_quad_firmware | 4.5.196 |
| birddog | studio_r3_firmware | 3.6.4 |
The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 7.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N | 3.1 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| birddog | a300_firmware | 3.4 |
| birddog | 4k_quad_firmware | 4.5.181 |
| birddog | mini_firmware | 2.6.2 |
| birddog | 4k_quad_firmware | 4.5.196 |
| birddog | studio_r3_firmware | 3.6.4 |