CVE-2023-38379

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password.

Date published : 2023-07-16

https://news.ycombinator.com/item?id=36745664

https://tortel.li/post/insecure-scope/