Hard Coded Credential Crypt Vulnerability
CVE-2023-24022

10CRITICAL

Key Information:

Vendor

Baicells

Status
Nova 227
Nova 233
Nova 243
Vendor
CVE Published:
26 January 2023

What is CVE-2023-24022?

Certain Baicells Nova LTE TDD eNodeB devices, specifically the Nova 227, Nova 233, and Nova 243 running firmware versions up to RTS/RTD 3.7.11.3, contain hardcoded credentials that can be easily accessed by remote attackers. These credentials, stored within the firmware and obscured only by basic encryption methods, can enable unauthorized SSH access, posing a significant threat to the integrity and security of these network devices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Nova 227 RTS 0 <= 3.7.11.3

Nova 233 RTS 0 <= 3.7.11.3

Nova 243 RTS 0 <= 3.7.11.3

References

https://baicells.zendesk.com/hc/en-us/articles/6188324645...
vendor-advisory
https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_...
patch
https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_...
release-notes

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Baicells Security Team
Baicells Support Manager Blake Volk
JSON
.