CVE-2022-32967

RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:realtek:rtl8111ep-cg_firmware:5.0.10:*:*:*:*:*:*:*
cpe:2.3:o:realtek:rtl8111ep-cg_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:realtek:rtl8111ep-cg:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:realtek:rtl8111fp-cg_firmware:5.0.10:*:*:*:*:*:*:*
cpe:2.3:o:realtek:rtl8111fp-cg_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:realtek:rtl8111fp-cg:-:*:*:*:*:*:*:*

Information

Published : 2022-11-28 20:15

Updated : 2022-11-29 20:59


NVD link : CVE-2022-32967

Mitre link : CVE-2022-32967


JSON object : View

CWE
CWE-798

Use of Hard-coded Credentials

Advertisement

dedicated server usa

Products Affected

realtek

  • rtl8111fp-cg
  • rtl8111fp-cg_firmware
  • rtl8111ep-cg_firmware
  • rtl8111ep-cg