vulnerability context

CVE-2022-24693

CVSS 9.8 CRITICALEPSS 87%CWE-798OTX 2 pulses

Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)

Published 2022-03-30 · last modified 2026-06-17

details

CISA KEV status: Not in catalog
CVSS v3: 9.8 / CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 87% percentile (score 0.0327)
CWE: CWE-798
OTX pulses: 2 total, 0 recent

View on NVD → · cve.org

source mentions 1

[CyberHub] 📌 CVE-2022-24693 - Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded creden...Bluesky:@cyberhub.blog · 1h ago

source consensus

Bluesky:@cyberhub.blog1×

Want the 3-bullet summary of CVE-2022-24693, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →