MidnightBSD

Advisories for rigol

CVE-2023-38378

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application.

Products Affected

Vendor Product Version
rigol mso5000_firmware 00.01.03.00.03
CVE-2023-38379

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password.

Products Affected

Vendor Product Version
rigol mso5000_firmware 00.01.03.00.03