CVE-2022-24693

CRITICAL

Baicells Nova436Q & Neutrino 430 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-24693. PoCs published by lukejenkins.

AI-analyzed exploit summary: This repository provides a detailed writeup for CVE-2022-24693, which involves hardcoded credentials in Baicells Nova436Q and Neutrino 430 devices. The vulnerability allows remote attackers to authenticate via SSH using static credentials stored in the firmware, encrypted with the crypt() function.

Description

Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)

Exploits (1)

nomisec WRITEUP 3 stars
by lukejenkins · poc
https://github.com/lukejenkins/CVE-2022-24693


Classification: Writeup 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8
No auth needed
Prerequisites: Access to the firmware image · Tools like binwalk and hashcat to extract and crack credentials
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Vendor Advisory x_refsource_misc
https://na.baicells.com/Service/Firmware
Third Party Advisory x_refsource_misc
https://github.com/lukejenkins/CVE-2022-24693

Scores

CVSS v3 9.8
EPSS 0.0327
EPSS Percentile 86.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-798
Status published
Products (2)
baicells/neutrino_430_firmware < qrtb_2.7.8
baicells/nova436q_firmware < qrtb_2.7.8
Published Mar 30, 2022
Tracked Since Feb 18, 2026