Revolution Pi: Multiple Authentication Vulnerabilities in webstatus Package
TLP: WHITE
| Publisher: KUNBUS PSIRT | Document category: csaf_security_advisory |
| Initial release date: 2022-12-20T11:00:00.000Z | Engine: csaf-cms-backend 1.0.0 |
| Current release date: 2025-05-07T11:04:54.252444323Z | Build Date: 2025-05-07T11:00:05.499Z |
| Current version: 3 | Status: final |
| CVSSv3.1 Base Score: 9.8 | Severity: |
| Original language: | Language: en-US |
| Also referred to: | |
Product groups
Revolution Pi OS Full Images- KUNBUS Revolution Pi Revolution Pi OS Buster (08/2022)
- KUNBUS Revolution Pi Revolution Pi OS Buster (05/2022)
- KUNBUS Revolution Pi Revolution Pi OS Buster Lite (08/2022)
- KUNBUS Revolution Pi Revolution Pi OS Buster Lite (05/2022)
- KUNBUS Revolution Pi webstatus up to 2.0.2-1
- KUNBUS Revolution Pi webstatus 2.0.3
- KUNBUS Revolution Pi webstatus 2.0.4
Vulnerabilities
Password reset to known value for unauthenticated user
Password reset to known value for unauthenticated user (all)Its possible to set the login password to a pre-known hash value for an unauthenticated user.
| CWE: | CWE-640:Weak Password Recovery Mechanism for Forgotten Password |
|---|
Product status
Known affected
| Product | CVSS-Vector | CVSS Base Score |
|---|---|---|
| KUNBUS Revolution Pi webstatus up to 2.0.2-1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R | 9.8 |
Last affected
| Product | CVSS-Vector | CVSS Base Score |
|---|---|---|
| KUNBUS Revolution Pi webstatus up to 2.0.2-1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R | 9.8 |
Fixed
- KUNBUS Revolution Pi webstatus 2.0.3
- KUNBUS Revolution Pi Revolution Pi OS Buster (05/2022)
- KUNBUS Revolution Pi Revolution Pi OS Buster Lite (05/2022)
Remediations
Workaround
Disable the Apache Webserver serving webstatus and pictory or disable there webroot at the apache configuration
For products:
- KUNBUS Revolution Pi webstatus up to 2.0.2-1
Unauthenticated user can get default password
Unauthenticated user can get default password (all)An unauthenticated user can get the default password without additional security measures.
| CWE: | CWE-200:Exposure of Sensitive Information to an Unauthorized Actor |
|---|
Product status
Last affected
| Product | CVSS-Vector | CVSS Base Score |
|---|---|---|
| KUNBUS Revolution Pi webstatus up to 2.0.2-1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R | 9.8 |
First fixed
- KUNBUS Revolution Pi webstatus 2.0.3
- KUNBUS Revolution Pi Revolution Pi OS Buster (05/2022)
- KUNBUS Revolution Pi Revolution Pi OS Buster Lite (05/2022)
Remediations
Mitigation
Disable the possibility to reset the password to the default password in the webstatus UI. Addionally make sure that the SSH password is changed.
For products:
- KUNBUS Revolution Pi webstatus up to 2.0.2-1
Workaround
Disable the Apache Webserver serving webstatus and pictory or disable there webroot at the apache configuration.
For products:
- KUNBUS Revolution Pi webstatus up to 2.0.2-1
Unauthenticated user can get information to reconstruct default password
Unauthenticated user can get information to reconstruct default passwordAn unauthenticated user can get information that, combined with other information, reveals the default password.
| CWE: | CWE-200:Exposure of Sensitive Information to an Unauthorized Actor |
|---|
Product status
Known affected
| Product | CVSS-Vector | CVSS Base Score |
|---|---|---|
| KUNBUS Revolution Pi Revolution Pi OS Buster (08/2022) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R | 9.8 |
| KUNBUS Revolution Pi Revolution Pi OS Buster (05/2022) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R | 9.8 |
| KUNBUS Revolution Pi Revolution Pi OS Buster Lite (08/2022) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R | 9.8 |
| KUNBUS Revolution Pi Revolution Pi OS Buster Lite (05/2022) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R | 9.8 |
Last affected
| Product | CVSS-Vector | CVSS Base Score |
|---|---|---|
| KUNBUS Revolution Pi webstatus 2.0.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R | 9.8 |
First fixed
- KUNBUS Revolution Pi webstatus 2.0.5
Remediations
Mitigation
Disable the possibility to reset the password to the default password in the webstatus UI. Addionally make sure that the SSH password is changed.
For products:
- KUNBUS Revolution Pi webstatus up to 2.0.2-1
- KUNBUS Revolution Pi webstatus 2.0.3
- KUNBUS Revolution Pi webstatus 2.0.4
- KUNBUS Revolution Pi Revolution Pi OS Buster (08/2022)
- KUNBUS Revolution Pi Revolution Pi OS Buster (05/2022)
- KUNBUS Revolution Pi Revolution Pi OS Buster Lite (08/2022)
- KUNBUS Revolution Pi Revolution Pi OS Buster Lite (05/2022)
Workaround
Disable the Apache Webserver serving webstatus and pictory or disable there webroot at the apache configuration.
For products:
- KUNBUS Revolution Pi webstatus up to 2.0.2-1
- KUNBUS Revolution Pi webstatus 2.0.3
- KUNBUS Revolution Pi webstatus 2.0.4
- KUNBUS Revolution Pi Revolution Pi OS Buster (08/2022)
- KUNBUS Revolution Pi Revolution Pi OS Buster (05/2022)
- KUNBUS Revolution Pi Revolution Pi OS Buster Lite (08/2022)
- KUNBUS Revolution Pi Revolution Pi OS Buster Lite (05/2022)
KUNBUS PSIRT
Namespace: https://www.kunbus.com
product-security@kunbus.com
KUNBUS GmbH develops and produces the Revolution Pi Family, Revolution Pi OS and the extension modules for RevPi amongst others. KUNBUS PSIRT is responsible for vulnerability handling across all KUNBUS products and services.
References
- self-reference : https://psirt.kunbus.com/.well-known/csaf/white/2022/kunbus-2022-0000002.json
- HTML-Version : https://www.kunbus.com/en/productsecurity/revolution-pi-multiple-authentication-vulnerabilities-in-webstatus-package
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | 2022-12-20T11:00:00.000Z | Initial Version following the release of a patched version of Webstatus. |
| 2 | 2025-05-07T10:52:02.234257928Z | Added legal disclaimer, modified Publisher Information, and sorted document |
| 3 | 2025-05-07T11:04:54.252444323Z | Added self-reference and Reference to HTML Version |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. KUNBUS RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.