CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS
Percentile
21.7%
RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information.
Vendor | Product | Version | CPE |
---|---|---|---|
realtek | rtl8111ep-cg_firmware | * | cpe:2.3:o:realtek:rtl8111ep-cg_firmware:*:*:*:*:*:*:*:* |
realtek | rtl8111ep-cg_firmware | 5.0.10 | cpe:2.3:o:realtek:rtl8111ep-cg_firmware:5.0.10:*:*:*:*:*:*:* |
realtek | rtl8111ep-cg | - | cpe:2.3:h:realtek:rtl8111ep-cg:-:*:*:*:*:*:*:* |
realtek | rtl8111fp-cg_firmware | * | cpe:2.3:o:realtek:rtl8111fp-cg_firmware:*:*:*:*:*:*:*:* |
realtek | rtl8111fp-cg_firmware | 5.0.10 | cpe:2.3:o:realtek:rtl8111fp-cg_firmware:5.0.10:*:*:*:*:*:*:* |
realtek | rtl8111fp-cg | - | cpe:2.3:h:realtek:rtl8111fp-cg:-:*:*:*:*:*:*:* |