CVE-2021-38759

CRITICAL

Raspberry Pi OS <5.10 - Privilege Escalation

Title source: llm

Description

Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.

Exploits (1)

exploitdb WORKING POC
by netspooky · pythonremotelinux
https://www.exploit-db.com/exploits/50576

References (4)

Scores

CVSS v3 9.8
EPSS 0.2973
EPSS Percentile 96.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-1188
Status published
Products (1)
raspberrypi/raspberry_pi_os_lite < 5.10
Published Dec 07, 2021
Tracked Since Feb 18, 2026