Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol (port 22).
References
Link | Resource |
---|---|
https://github.com/goldshellminer/firmware | Third Party Advisory |
https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/ | Exploit Mitigation Third Party Advisory |
Configurations
History
27 Jul 2022, 22:04
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/ - Exploit, Mitigation, Third Party Advisory | |
References | (MISC) https://github.com/goldshellminer/firmware - Third Party Advisory | |
CWE | CWE-798 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:o:goldshell:goldshell_miner_firmware:*:*:*:*:*:*:*:* |
20 Jul 2022, 13:40
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-20 13:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-24657
Mitre link : CVE-2022-24657
CVE.ORG link : CVE-2022-24657
JSON object : View
Products Affected
goldshell
- goldshell_miner_firmware
CWE
CWE-798
Use of Hard-coded Credentials