CVE-2021-38759
CVSS 9.8 · CRITICAL
Summary
Raspberry Pi OS through 5.10 ships with the default password "raspberry" for the "pi" account. If the password is not changed, attackers can gain administrator privileges.
CVSS 3.1 breakdown
| Base score | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Raspberrypi raspberry pi os lite
References
- http://packetstormsecurity.com/files/165211/Raspberry-Pi-5.10-Default-Credentials.html
- https://arstechnica.com/gadgets/2022/04/raspberry-pi-os-axes-longstanding-default-user-account-in-the-name-of-security/
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-43968
- https://www.raspberrypi.com/documentation/computers/configuration.html#change-the-default-password
Data: NIST NVD. NVD last modified 2024-11-21. Always verify against the vendor advisory before acting.