Revolution Pi: Multiple Authentication Vulnerabilities in webstatus Package

TLP: WHITE

Publisher: KUNBUS PSIRT
Document category: csaf_security_advisory
Initial release date: 2022-12-20T11:00:00.000Z
Engine: csaf-cms-backend 1.0.0
Current release date: 2025-05-07T11:04:54.252444323Z
Build date: 2025-05-07T11:00:05.499Z
Current version: 3
Status: final
CVSSv3.1 Base Score: 9.8
Language: en-US

Product groups

Revolution Pi OS Full Images
  • KUNBUS Revolution Pi Revolution Pi OS Buster (08/2022)
  • KUNBUS Revolution Pi Revolution Pi OS Buster (05/2022)
Revolution Pi OS Lite Images
  • KUNBUS Revolution Pi Revolution Pi OS Buster Lite (08/2022)
  • KUNBUS Revolution Pi Revolution Pi OS Buster Lite (05/2022)
webstatus < 2.0.5
  • KUNBUS Revolution Pi webstatus up to 2.0.2-1
  • KUNBUS Revolution Pi webstatus 2.0.3
  • KUNBUS Revolution Pi webstatus 2.0.4

Vulnerabilities

Password reset to known value for unauthenticated user

Password reset to known value for unauthenticated user (all)

An unauthenticated user can reset the login password to a value whose hash is known in advance.

CWE: CWE-640: Weak Password Recovery Mechanism for Forgotten Password

Product status

Known affected
Product CVSS-Vector CVSS Base Score
KUNBUS Revolution Pi webstatus up to 2.0.2-1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9.8
Last affected
Product CVSS-Vector CVSS Base Score
KUNBUS Revolution Pi webstatus up to 2.0.2-1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9.8
Fixed
  • KUNBUS Revolution Pi webstatus 2.0.3
  • KUNBUS Revolution Pi Revolution Pi OS Buster (05/2022)
  • KUNBUS Revolution Pi Revolution Pi OS Buster Lite (05/2022)

Remediations

Workaround

Disable the Apache web server serving webstatus and pictory, or disable their webroot in the Apache configuration.

For products:
  • KUNBUS Revolution Pi webstatus up to 2.0.2-1

Unauthenticated user can get default password

Unauthenticated user can get default password (all)

An unauthenticated user can get the default password without additional security measures.

CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Product status

Last affected
Product CVSS-Vector CVSS Base Score
KUNBUS Revolution Pi webstatus up to 2.0.2-1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9.8
First fixed
  • KUNBUS Revolution Pi webstatus 2.0.3
  • KUNBUS Revolution Pi Revolution Pi OS Buster (05/2022)
  • KUNBUS Revolution Pi Revolution Pi OS Buster Lite (05/2022)

Remediations

Mitigation

Disable the option to reset the password to the default password in the webstatus UI. Additionally, make sure that the SSH password has been changed.

For products:
  • KUNBUS Revolution Pi webstatus up to 2.0.2-1
Workaround

Disable the Apache web server serving webstatus and pictory, or disable their webroot in the Apache configuration.

For products:
  • KUNBUS Revolution Pi webstatus up to 2.0.2-1

Unauthenticated user can get information to reconstruct default password

Unauthenticated user can get information to reconstruct default password

An unauthenticated user can get information that, combined with other information, reveals the default password.

CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Product status

Known affected
Product CVSS-Vector CVSS Base Score
KUNBUS Revolution Pi Revolution Pi OS Buster (08/2022) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9.8
KUNBUS Revolution Pi Revolution Pi OS Buster (05/2022) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9.8
KUNBUS Revolution Pi Revolution Pi OS Buster Lite (08/2022) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9.8
KUNBUS Revolution Pi Revolution Pi OS Buster Lite (05/2022) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9.8
Last affected
Product CVSS-Vector CVSS Base Score
KUNBUS Revolution Pi webstatus 2.0.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9.8
First fixed
  • KUNBUS Revolution Pi webstatus 2.0.5

Remediations

Mitigation

Disable the option to reset the password to the default password in the webstatus UI. Additionally, make sure that the SSH password has been changed.

For products:
  • KUNBUS Revolution Pi webstatus up to 2.0.2-1
  • KUNBUS Revolution Pi webstatus 2.0.3
  • KUNBUS Revolution Pi webstatus 2.0.4
  • KUNBUS Revolution Pi Revolution Pi OS Buster (08/2022)
  • KUNBUS Revolution Pi Revolution Pi OS Buster (05/2022)
  • KUNBUS Revolution Pi Revolution Pi OS Buster Lite (08/2022)
  • KUNBUS Revolution Pi Revolution Pi OS Buster Lite (05/2022)
Workaround

Disable the Apache web server serving webstatus and pictory, or disable their webroot in the Apache configuration.

For products:
  • KUNBUS Revolution Pi webstatus up to 2.0.2-1
  • KUNBUS Revolution Pi webstatus 2.0.3
  • KUNBUS Revolution Pi webstatus 2.0.4
  • KUNBUS Revolution Pi Revolution Pi OS Buster (08/2022)
  • KUNBUS Revolution Pi Revolution Pi OS Buster (05/2022)
  • KUNBUS Revolution Pi Revolution Pi OS Buster Lite (08/2022)
  • KUNBUS Revolution Pi Revolution Pi OS Buster Lite (05/2022)
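The product status tables above give, per finding, the last affected and first fixed webstatus version. The following script turns those boundaries into an inventory check that an operator can run on a Revolution Pi to see which of the three findings still apply to the installed package. It is an added example, not KUNBUS code and not part of the advisory; it assumes the package is installed via dpkg under the name `webstatus` (the advisory names the package but not its dpkg name), and the `Finding`, `deb_version_cmp` and `applicable_findings` names are the example's own. The version comparison follows the dpkg algorithm so that `2.0.2` sorts below `2.0.2-1` and a `~rc` pre-release sorts below its final version.

```python
from __future__ import annotations

import re
import subprocess
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    title: str          # vulnerability title as given in the advisory
    cwe: str
    last_affected: str  # highest webstatus version the advisory lists as affected
    first_fixed: str    # first webstatus version the advisory lists as fixed


# Version boundaries transcribed from the advisory's product status tables.
ADVISORY_FINDINGS = [
    Finding("Password reset to known value for unauthenticated user",
            "CWE-640", "2.0.2-1", "2.0.3"),
    Finding("Unauthenticated user can get default password",
            "CWE-200", "2.0.2-1", "2.0.3"),
    Finding("Unauthenticated user can get information to reconstruct default password",
            "CWE-200", "2.0.4", "2.0.5"),
]


def _char_order(c: str) -> int:
    # dpkg ordering of non-digit characters: '~' sorts before the end of the
    # string, letters sort before every other character.
    if c == "~":
        return -1
    if c == "":
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_fragment(a: str, b: str) -> int:
    """Compare two dpkg version fragments (upstream part or Debian revision)."""
    while a or b:
        # Alternate between non-digit runs (compared per character) and digit
        # runs (compared numerically), as dpkg does.
        na = re.match(r"[^0-9]*", a).group(0)
        nb = re.match(r"[^0-9]*", b).group(0)
        for i in range(max(len(na), len(nb))):
            ca = na[i] if i < len(na) else ""
            cb = nb[i] if i < len(nb) else ""
            if _char_order(ca) != _char_order(cb):
                return -1 if _char_order(ca) < _char_order(cb) else 1
        a, b = a[len(na):], b[len(nb):]
        da = re.match(r"[0-9]*", a).group(0)
        db = re.match(r"[0-9]*", b).group(0)
        ia, ib = int(da or "0"), int(db or "0")
        if ia != ib:
            return -1 if ia < ib else 1
        a, b = a[len(da):], b[len(db):]
    return 0


def deb_version_cmp(v1: str, v2: str) -> int:
    """Return <0, 0 or >0 like dpkg --compare-versions; handles epoch:upstream-revision."""
    def split(v: str) -> tuple[int, str, str]:
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, _, revision = rest.rpartition("-")
        if not upstream:          # no '-' at all: the whole string is the upstream part
            upstream, revision = rest, ""
        return int(epoch), upstream, revision

    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_fragment(u1, u2) or _cmp_fragment(r1, r2)


def applicable_findings(installed: str) -> list[Finding]:
    """Findings from the advisory that apply to the given installed webstatus version.

    Anything below the first fixed version is treated as affected; this also
    covers intermediate builds (e.g. a 2.0.2-2 rebuild) the advisory does not list.
    """
    return [f for f in ADVISORY_FINDINGS if deb_version_cmp(installed, f.first_fixed) < 0]


def installed_webstatus_version() -> str | None:
    """Ask dpkg for the installed version; assumes the package is named 'webstatus'."""
    try:
        out = subprocess.run(["dpkg-query", "-W", "-f=${Version}", "webstatus"],
                             capture_output=True, text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    # Constructed fallback version so the script also runs on a machine without the package.
    version = installed_webstatus_version() or "2.0.2-1"
    hits = applicable_findings(version)
    print(f"webstatus {version}: {len(hits)} applicable finding(s)")
    for f in hits:
        print(f"  - {f.cwe} {f.title} (fixed in {f.first_fixed})")
```

Run on the device, the script reports every finding whose first fixed version is still above the installed one; on a host without the package it evaluates the constructed fallback version. Treating every version below the first fix as affected is the conservative reading of the tables: the advisory lists `up to 2.0.2-1` as affected and `2.0.3` as fixed, so a rebuild such as `2.0.2-2` falls in a gap the advisory does not address, and the safer assumption for an operator is that it is still vulnerable.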

KUNBUS PSIRT

Namespace: https://www.kunbus.com

product-security@kunbus.com

KUNBUS GmbH develops and produces the Revolution Pi Family, Revolution Pi OS and the extension modules for RevPi amongst others. KUNBUS PSIRT is responsible for vulnerability handling across all KUNBUS products and services.

Revision history

Version Date of the revision Summary of the revision
1 2022-12-20T11:00:00.000Z Initial Version following the release of a patched version of Webstatus.
2 2025-05-07T10:52:02.234257928Z Added legal disclaimer, modified Publisher Information, and sorted document
3 2025-05-07T11:04:54.252444323Z Added self-reference and Reference to HTML Version

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. KUNBUS RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

CSAF JSON document: kunbus-2022002.json (11.3 KiB)