CVE-2025-53842

Summary

Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838.

Affected Software

VendorProductVersion RangeStatus
ZEXELON CO., LTD.ZWX-2000CSW2-HNprior to 0.3.19affected
ZEXELON CO., LTD.ZWX-2000CS2-HNall versionsaffected

Weaknesses

  • CWE-798: Use of hard-coded credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References