CVE-2021-38759 Information

Description

Raspberry Pi OS through 5.10 ships with the default password "raspberry" for the "pi" account. If the password is not changed, attackers can gain administrator privileges.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.raspberrypi.com/documentation/computers/configuration.html#change-the-default-password
https://www.cnvd.org.cn/flaw/show/CNVD-2021-43968
http://packetstormsecurity.com/files/165211/Raspberry-Pi-5.10-Default-Credentials.html
https://arstechnica.com/gadgets/2022/04/raspberry-pi-os-axes-longstanding-default-user-account-in-the-name-of-security/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.8

Base Severity

CRITICAL