Search criteria
3 vulnerabilities found for rtl8111ep-cg_firmware by realtek
FKIE_CVE-2022-32967
Vulnerability from fkie_nvd - Published: 2022-11-29 04:15 - Updated: 2024-11-21 07:07
Severity ?
Summary
RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information.
References
| URL | Tags | ||
|---|---|---|---|
| twcert@cert.org.tw | https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realtek | rtl8111ep-cg_firmware | * | |
| realtek | rtl8111ep-cg_firmware | 5.0.10 | |
| realtek | rtl8111ep-cg | - | |
| realtek | rtl8111fp-cg_firmware | * | |
| realtek | rtl8111fp-cg_firmware | 5.0.10 | |
| realtek | rtl8111fp-cg | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:realtek:rtl8111ep-cg_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA8CEB9-ECCE-49F9-B681-355F7C7E8D86",
"versionEndIncluding": "3.0.0.2019090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:realtek:rtl8111ep-cg_firmware:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD41590-F935-4436-AB30-51ABD7994263",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:realtek:rtl8111ep-cg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0FE17D-EEAD-429F-8F45-B48D79AEE66D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:realtek:rtl8111fp-cg_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "798F35FF-351C-43B2-A7EF-828F2A4946D7",
"versionEndIncluding": "3.0.0.2019090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:realtek:rtl8111fp-cg_firmware:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1F43371D-9E6F-4984-B7F0-805B297F3978",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:realtek:rtl8111fp-cg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75EF2626-4CB6-4F11-92D2-29519555B4D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information."
},
{
"lang": "es",
"value": "La funci\u00f3n DASH RTL8111EP-CG/RTL8111FP-CG tiene una contrase\u00f1a codificada. Un atacante f\u00edsico no autenticado puede utilizar la contrase\u00f1a predeterminada codificada durante el reinicio del sistema activado por otro usuario, para adquirir informaci\u00f3n parcial del sistema, como el n\u00famero de serie y la informaci\u00f3n del servidor."
}
],
"id": "CVE-2022-32967",
"lastModified": "2024-11-21T07:07:19.910",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 1.4,
"source": "twcert@cert.org.tw",
"type": "Secondary"
}
]
},
"published": "2022-11-29T04:15:10.407",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-32967 (GCVE-0-2022-32967)
Vulnerability from cvelistv5 – Published: 2022-11-29 03:30 – Updated: 2025-04-23 14:33
VLAI?
Title
Realtek RTL8111EP-CG/RTL8111FP-CG - Use of Hard-coded Credentials
Summary
RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information.
Severity ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Realtek | RTL8111EP-CG |
Affected:
unspecified , ≤ 3.0.0.2019090
(custom)
Affected: 5.0.10 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-32967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:33:22.899470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:33:40.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RTL8111EP-CG",
"vendor": "Realtek",
"versions": [
{
"lessThanOrEqual": "3.0.0.2019090",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "5.0.10"
}
]
},
{
"product": "RTL8111FP-CG",
"vendor": "Realtek",
"versions": [
{
"lessThanOrEqual": "3.0.0.2019090",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "5.0.10"
}
]
}
],
"datePublic": "2022-11-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-29T00:00:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Contact tech support from Realtek"
}
],
"source": {
"advisory": "TVN-202209016",
"discovery": "EXTERNAL"
},
"title": "Realtek RTL8111EP-CG/RTL8111FP-CG - Use of Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32967",
"datePublished": "2022-11-29T03:30:27.572Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:33:40.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32967 (GCVE-0-2022-32967)
Vulnerability from nvd – Published: 2022-11-29 03:30 – Updated: 2025-04-23 14:33
VLAI?
Title
Realtek RTL8111EP-CG/RTL8111FP-CG - Use of Hard-coded Credentials
Summary
RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information.
Severity ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Realtek | RTL8111EP-CG |
Affected:
unspecified , ≤ 3.0.0.2019090
(custom)
Affected: 5.0.10 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-32967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:33:22.899470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:33:40.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RTL8111EP-CG",
"vendor": "Realtek",
"versions": [
{
"lessThanOrEqual": "3.0.0.2019090",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "5.0.10"
}
]
},
{
"product": "RTL8111FP-CG",
"vendor": "Realtek",
"versions": [
{
"lessThanOrEqual": "3.0.0.2019090",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "5.0.10"
}
]
}
],
"datePublic": "2022-11-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-29T00:00:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Contact tech support from Realtek"
}
],
"source": {
"advisory": "TVN-202209016",
"discovery": "EXTERNAL"
},
"title": "Realtek RTL8111EP-CG/RTL8111FP-CG - Use of Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32967",
"datePublished": "2022-11-29T03:30:27.572Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:33:40.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}