CVE-2023-24022 CRITICAL

CVE-2023-24022: Hard Coded Credential Crypt Vulnerability

Vendor Baicells

Product Nova 227

Weakness CWE-284

Published January 24, 2023

Last update April 2, 2025

View on NVD All CVEs

CVSS base score

10.0/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

What the vulnerability does

01Description

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)

Key dates

02Disclosure timeline

January 24, 2023 CVE published

April 2, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-24022 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2023-24022

CWE CWE-284

CVSS 10.0 / CRITICAL

Affected versions

Vendor Baicells

Product Nova 227

Affected ≤ 3.7.11.3

Vendor Baicells

Product Nova 233

Affected ≤ 3.7.11.3

Vendor Baicells

Product Nova 243

Affected ≤ 3.7.11.3

CVE-2023-24022: Hard Coded Credential Crypt Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE