CVE-2014-125001
HIGHCardo Systems Scala Rider Q3 Firmware - Unauthenticated Remote Code Execution via Cardo-Updater API
Title source: llmDescription
A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
http://www.remote-exploit.org/archives/2014/06/03/ride_with_the_devil/
Third Party Advisory x_refsource_misc
https://vuldb.com/?id.13428
Scores
CVSS v3
8.1
EPSS
0.0341
EPSS Percentile
87.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-269
Status
published
Products (1)
cardosystems/scala_rider_q3_firmware
Published
May 24, 2022
Tracked Since
Feb 18, 2026