Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-38759. PoCs published by netspooky.
AI-analyzed exploit summary This exploit leverages default credentials (pi:raspberry) on Raspberry Pi OS <= 5.10 to establish an SSH connection and execute the 'id' command. It demonstrates an authentication bypass due to unchanged default credentials.
Description
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.
Exploits (1)
exploitdb
WORKING POC
by netspooky · pythonremotelinux
https://www.exploit-db.com/exploits/50576
This exploit leverages default credentials (pi:raspberry) on Raspberry Pi OS <= 5.10 to establish an SSH connection and execute the 'id' command. It demonstrates an authentication bypass due to unchanged default credentials.
Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
Raspberry Pi OS <= 5.10
No auth needed
Prerequisites:
Target Raspberry Pi OS with default credentials unchanged · SSH service accessible
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://www.raspberrypi.com/documentation/computers/configuration.html#change-the-default-password
Third Party Advisory x_refsource_misc
https://www.cnvd.org.cn/flaw/show/CNVD-2021-43968
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/165211/Raspberry-Pi-5.10-Default-Credentials.html
Third Party Advisory x_refsource_misc
https://arstechnica.com/gadgets/2022/04/raspberry-pi-os-axes-longstanding-default-user-account-in-the-name-of-security/
Scores
CVSS v3
9.8
EPSS
0.1567
EPSS Percentile
96.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-1188
Status
published
Products (1)
raspberrypi/raspberry_pi_os_lite
< 5.10
Published
Dec 07, 2021
Tracked Since
Feb 18, 2026