CVE-2014-125001 HIGH

CVE-2014-125001: Cardo Systems Scala Rider Q3 Cardo-Updater api privileges management

Vendor Cardo Systems
Product Scala Rider Q3
Weakness CWE-269
Published May 24, 2022
Last update April 15, 2025

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended.

Key dates

02Disclosure timeline

May 24, 2022 CVE published
April 15, 2025 Record updated

Related vulnerabilities

04Related CVE