Vulnerability Description
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Raspberrypi | Raspberry Pi Os Lite | <= 5.10 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/165211/Raspberry-Pi-5.10-Default-CredentialThird Party AdvisoryVDB Entry
- https://arstechnica.com/gadgets/2022/04/raspberry-pi-os-axes-longstanding-defaulThird Party Advisory
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-43968Third Party Advisory
- https://www.raspberrypi.com/documentation/computers/configuration.html#change-thVendor Advisory
- http://packetstormsecurity.com/files/165211/Raspberry-Pi-5.10-Default-CredentialThird Party AdvisoryVDB Entry
- https://arstechnica.com/gadgets/2022/04/raspberry-pi-os-axes-longstanding-defaulThird Party Advisory
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-43968Third Party Advisory
- https://www.raspberrypi.com/documentation/computers/configuration.html#change-thVendor Advisory
FAQ
What is CVE-2021-38759?
CVE-2021-38759 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.
How severe is CVE-2021-38759?
CVE-2021-38759 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-38759?
Check the references section above for vendor advisories and patch information. Affected products include: Raspberrypi Raspberry Pi Os Lite.