CVE-2025-53842
4.5
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ZEXELON CO., LTD. | ZWX-2000CSW2-HN | prior to 0.3.19 | affected |
| ZEXELON CO., LTD. | ZWX-2000CS2-HN | all versions | affected |
Weaknesses
- CWE-798: Use of hard-coded credentials
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://zexelon.co.jp/pdf/jvn44419726.pdf
- https://jvn.jp/en/jp/JVN44419726/
- https://www.cve.org/CVERecord?id=CVE-2024-39838
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.