CVE-2021-38759
CVE-2021-38759
Vexday Risk Score
28Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS —EPSS 15.7%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
07 Dec 2021Published on NVD
09 Dec 2021Public PoC
Weaponization speed
1 daysto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/165211/Raspberry-Pi-5.10-Default-Credentials.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50576unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/165211/Raspberry-Pi-5.10-Default-Credentials.htmlhttps://arstechnica.com/gadgets/2022/04/raspberry-pi-os-axes-longstanding-default-user-account-in-the-name-of-security/https://www.cnvd.org.cn/flaw/show/CNVD-2021-43968https://www.raspberrypi.com/documentation/computers/configuration.html#change-the-default-password