VYPR

Nova 436Q

by Baicells

CVEs (2)

  • CVE-2023-0776Feb 10, 2023
    risk 0.00cvss epss 0.01

    Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions.…

  • CVE-2022-24693Mar 30, 2022
    risk 0.00cvss epss 0.03

    Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)