CVE-2023-38379 Information

Description

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application i.e. the entered password only needs to match the first zero characters of the saved password.

Reference

https://tortel.li/post/insecure-scope/ https://news.ycombinator.com/item?id=36745664