Description
The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application.
References (2)
Core References
Issue Tracking, Third Party Advisory: https://news.ycombinator.com/item?id=36745664
Exploit, Third Party Advisory: https://tortel.li/post/insecure-scope/
Scores
CVSS v3: 9.8
EPSS: 0.0123
EPSS Percentile: 65.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-78
Status: published
Products (1)
rigol/mso5000_firmware 00.01.03.00.03
Published: Jul 16, 2023
Tracked Since: Feb 18, 2026