An SSH and hardcoded password vulnerability has recently been discovered in previously released software for the following radios:
- Nova 436Q
- Nova 430e
- Nova 430i
- Neutrino 430
We are advising everyone running the following radios to upgrade their software to QRTB 2.9.10 immediately to resolve the vulnerability. Radios which are not updated run the risk of being exploited by the vulnerability via SSH and are susceptible to a breach.
Baicells wanted to thank Luke Jenkins of Weber State University for the discovery and for working with us during the remediation.
Baicells has resolved CVE-2022-24693 in software version 2.9.10 and later you can read our full Security Advisory at the below link.
Security Advisory: https://baicells.zendesk.com/hc/en-us/articles/5193087997844-2022-03-30-Hard-Coded-Credential-Crypt-Vulnerability