CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
CVE-2025-2342 (GCVE-0-2025-2342)
Vulnerability from cvelistv5 – Published: 2025-03-16 16:00 – Updated: 2025-03-17 14:18
VLAI
Title
IROAD X5 Mobile App API Endpoint hard-coded credentials
Summary
A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Affected is an unknown function of the component API Endpoint. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
5.3 (Medium)
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.299808 | vdb-entry |
| https://vuldb.com/?ctiid.299808 | signaturepermissions-required |
| https://vuldb.com/?submit.512419 | third-party-advisory |
| https://github.com/geo-chen/IROAD?tab=readme-ov-f… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IROAD | X5 Mobile App |
Affected:
5.2.0
Affected: 5.2.1 Affected: 5.2.2 Affected: 5.2.3 Affected: 5.2.4 Affected: 5.2.5 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T14:18:16.406704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T14:18:23.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"API Endpoint"
],
"product": "X5 Mobile App",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "5.2.2"
},
{
"status": "affected",
"version": "5.2.3"
},
{
"status": "affected",
"version": "5.2.4"
},
{
"status": "affected",
"version": "5.2.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "geochen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Affected is an unknown function of the component API Endpoint. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in IROAD X5 Mobile App bis 5.2.5 f\u00fcr Android entdeckt. Dabei betrifft es einen unbekannter Codeteil der Komponente API Endpoint. Durch die Manipulation mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-16T16:00:07.647Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-299808 | IROAD X5 Mobile App API Endpoint hard-coded credentials",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.299808"
},
{
"name": "VDB-299808 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.299808"
},
{
"name": "Submit #512419 | IROAD Dashcam APK 5.2.5 Plaintext Password in Configuration File",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.512419"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-2-hardcoded-credentials-in-apk-iroad--v525-to-ports-9091-and-9092"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-15T19:27:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "IROAD X5 Mobile App API Endpoint hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2342",
"datePublished": "2025-03-16T16:00:07.647Z",
"dateReserved": "2025-03-15T18:22:19.438Z",
"dateUpdated": "2025-03-17T14:18:23.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2343 (GCVE-0-2025-2343)
Vulnerability from cvelistv5 – Published: 2025-03-16 17:31 – Updated: 2025-03-17 14:17
VLAI
Title
IROAD Dash Cam X5/Dash Cam X6 Device Pairing hard-coded credentials
Summary
A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this vulnerability is an unknown functionality of the component Device Pairing. The manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.299809 | vdb-entry |
| https://vuldb.com/?ctiid.299809 | signaturepermissions-required |
| https://vuldb.com/?submit.516881 | third-party-advisory |
| https://github.com/geo-chen/IROAD#finding-3-bypas… | related |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| IROAD | Dash Cam X5 |
Affected:
20250308
|
|
| IROAD | Dash Cam X6 |
Affected:
20250308
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T14:17:39.884417Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T14:17:49.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Device Pairing"
],
"product": "Dash Cam X5",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
},
{
"modules": [
"Device Pairing"
],
"product": "Dash Cam X6",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "geochen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this vulnerability is an unknown functionality of the component Device Pairing. The manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In IROAD Dash Cam X5 and Dash Cam X6 bis 20250308 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Komponente Device Pairing. Durch Manipulation mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff im lokalen Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-16T17:31:04.395Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-299809 | IROAD Dash Cam X5/Dash Cam X6 Device Pairing hard-coded credentials",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.299809"
},
{
"name": "VDB-299809 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.299809"
},
{
"name": "Submit #516881 | IROAD Dashcam X series Authentication Bypass by Primary Weakness",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.516881"
},
{
"tags": [
"related"
],
"url": "https://github.com/geo-chen/IROAD#finding-3-bypassing-of-device-pairing-cwe-798-for-iroad-x-series"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-15T19:27:50.000Z",
"value": "VulDB entry last update"
}
],
"title": "IROAD Dash Cam X5/Dash Cam X6 Device Pairing hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2343",
"datePublished": "2025-03-16T17:31:04.395Z",
"dateReserved": "2025-03-15T18:22:22.068Z",
"dateUpdated": "2025-03-17T14:17:49.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2394 (GCVE-0-2025-2394)
Vulnerability from cvelistv5 – Published: 2025-05-23 00:03 – Updated: 2025-09-30 05:50
VLAI
Title
Disclosure of Alibaba (OSS) Keys In Ecovacs Home Android and iOS Mobile Applications
Summary
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ecovacs | Ecovacs Mobile and Android Application |
Affected:
3.3.0
(iOS, Android)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T13:16:37.932318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T13:16:47.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android",
"iOS"
],
"product": "Ecovacs Mobile and Android Application",
"vendor": "Ecovacs",
"versions": [
{
"status": "affected",
"version": "3.3.0",
"versionType": "iOS, Android"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure."
}
],
"value": "Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T05:50:10.557Z",
"orgId": "07aac9b9-e3e9-4d03-a447-764bd31371d7",
"shortName": "TML"
},
"references": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2025-2394"
},
{
"url": "https://www.ecovacs.com/global/userhelp/dsa20250507001"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Disclosure of Alibaba (OSS) Keys In Ecovacs Home Android and iOS Mobile Applications",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "07aac9b9-e3e9-4d03-a447-764bd31371d7",
"assignerShortName": "TML",
"cveId": "CVE-2025-2394",
"datePublished": "2025-05-23T00:03:32.603Z",
"dateReserved": "2025-03-17T03:57:22.902Z",
"dateUpdated": "2025-09-30T05:50:10.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2538 (GCVE-0-2025-2538)
Vulnerability from cvelistv5 – Published: 2025-03-20 20:50 – Updated: 2026-02-26 19:09
VLAI
Title
BUG-000174336
Summary
A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote unauthenticated attacker to gain administrative access to the system.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Esri | Portal for ArcGIS |
Affected:
All , ≤ 11.4
(Portal for ArcGIS)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2538",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T03:55:59.843956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:09:20.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Portal for ArcGIS",
"vendor": "Esri",
"versions": [
{
"lessThanOrEqual": "11.4",
"status": "affected",
"version": "All",
"versionType": "Portal for ArcGIS"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\n\n\n\nA hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote unauthenticated attacker\u0026nbsp;to\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003egain administrative access to the system.\u0026nbsp;\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote unauthenticated attacker\u00a0to\u00a0gain administrative access to the system."
}
],
"impacts": [
{
"capecId": "CAPEC-50",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-50 Password Recovery Exploitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T19:57:49.969Z",
"orgId": "cedc17bb-4939-4f40-a1f4-30ae8af1094e",
"shortName": "Esri"
},
"references": [
{
"url": "https://support.esri.com/en-us/patches-updates/2025/portal-for-arcgis-security-2025-update-3-patch"
}
],
"source": {
"defect": [
"BUG-000174336"
],
"discovery": "UNKNOWN"
},
"title": "BUG-000174336",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cedc17bb-4939-4f40-a1f4-30ae8af1094e",
"assignerShortName": "Esri",
"cveId": "CVE-2025-2538",
"datePublished": "2025-03-20T20:50:02.928Z",
"dateReserved": "2025-03-19T20:49:48.646Z",
"dateUpdated": "2026-02-26T19:09:20.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-2556 (GCVE-0-2025-2556)
Vulnerability from cvelistv5 – Published: 2025-03-20 18:00 – Updated: 2025-03-20 19:46
VLAI
Title
Audi UTR Dashcam Video Stream hard-coded credentials
Summary
A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. Upgrading to version 2.89 and 2.90 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about these issues and acted very professional. Version 2.89 is fixing this issue for new customers and 2.90 is going to fix it for existing customers.
Severity
4.3 (Medium)
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.300169 | vdb-entry |
| https://vuldb.com/?ctiid.300169 | signaturepermissions-required |
| https://vuldb.com/?submit.513392 | third-party-advisory |
| https://github.com/geo-chen/Audi/blob/main/README… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Audi | UTR Dashcam |
Affected:
2.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T19:46:02.186678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T19:46:09.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Video Stream Handler"
],
"product": "UTR Dashcam",
"vendor": "Audi",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "geochen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. Upgrading to version 2.89 and 2.90 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about these issues and acted very professional. Version 2.89 is fixing this issue for new customers and 2.90 is going to fix it for existing customers."
},
{
"lang": "de",
"value": "In Audi UTR Dashcam 2.0 wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Komponente Video Stream Handler. Dank Manipulation mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff im lokalen Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 2.89 and 2.90 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:00:08.572Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-300169 | Audi UTR Dashcam Video Stream hard-coded credentials",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.300169"
},
{
"name": "VDB-300169 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.300169"
},
{
"name": "Submit #513392 | Audi UTR Dashcam 2.0 File and Directory Information Exposure",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.513392"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/geo-chen/Audi/blob/main/README.md#finding-3-rtsp-and-ftp-wide-open"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-20T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-20T11:29:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "Audi UTR Dashcam Video Stream hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2556",
"datePublished": "2025-03-20T18:00:08.572Z",
"dateReserved": "2025-03-20T10:24:23.469Z",
"dateUpdated": "2025-03-20T19:46:09.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26398 (GCVE-0-2025-26398)
Vulnerability from cvelistv5 – Published: 2025-08-12 08:10 – Updated: 2026-02-26 17:49
VLAI
Title
SolarWinds Database Performance Analyzer Hard-coded Cryptographic Key Vulnerability
Summary
SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host.
Severity
5.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SolarWinds | Database Performance Analyzer |
Affected:
2025.2 and below
|
Date Public
2025-08-11 23:59
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-13T15:03:59.169314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:49:42.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Database Performance Analyzer",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "2025.2 and below"
}
]
}
],
"datePublic": "2025-08-11T23:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSolarWinds Database Performance Analyzer was found to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003econtain\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eM\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eI\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTM\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e) attack against users. This vulnerability requires \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eadditional\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esoftware not installed by \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edefault,\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e local access to the server and administrator level privileges\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e on the host.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T08:10:54.116Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26398"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2025-3_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends that customers upgrade to SolarWinds \n\n Database Performance Analyzer 2025.3\n\n as soon as it becomes available.\n\n\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds \n\n Database Performance Analyzer 2025.3\n\n as soon as it becomes available."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Database Performance Analyzer Hard-coded Cryptographic Key Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-26398",
"datePublished": "2025-08-12T08:10:54.116Z",
"dateReserved": "2025-02-08T00:19:09.395Z",
"dateUpdated": "2026-02-26T17:49:42.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26410 (GCVE-0-2025-26410)
Vulnerability from cvelistv5 – Published: 2025-02-11 09:20 – Updated: 2025-11-03 21:12
VLAI
Title
Weak Hard-coded Credentials
Summary
The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. The backdoor user has been removed in firmware BSP >= 6.4.1.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://r.sec-consult.com/wattsense | third-party-advisory |
| https://support.wattsense.com/hc/en-150/articles/… | release-notes |
| http://seclists.org/fulldisclosure/2025/Feb/9 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wattsense | Wattsense Bridge |
Affected:
0 , < 6.4.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-26410",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T14:35:57.904824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T18:27:29.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:12:53.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Feb/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wattsense Bridge",
"vendor": "Wattsense",
"versions": [
{
"lessThan": "6.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Constantin Schieber-Kn\u00f6bl | SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Stefan Schweighofer | SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Steffen Robertz | SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. The backdoor user has been removed in firmware BSP \u0026gt;= 6.4.1.\u003cbr\u003e"
}
],
"value": "The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. The backdoor user has been removed in firmware BSP \u003e= 6.4.1."
}
],
"impacts": [
{
"capecId": "CAPEC-653",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-653 Use of Known Operating System Credentials"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T09:20:22.708Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/wattsense"
},
{
"tags": [
"release-notes"
],
"url": "https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in recent firmware versions BSP \u0026gt;= 6.4.1."
}
],
"value": "This issue is fixed in recent firmware versions BSP \u003e= 6.4.1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Weak Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2025-26410",
"datePublished": "2025-02-11T09:20:22.708Z",
"dateReserved": "2025-02-10T07:48:38.352Z",
"dateUpdated": "2025-11-03T21:12:53.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-27255 (GCVE-0-2025-27255)
Vulnerability from cvelistv5 – Published: 2025-03-10 09:05 – Updated: 2025-03-12 11:10
VLAI
Summary
Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GE Vernova | EnerVista UR Setup |
Affected:
8.42
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T14:02:30.485876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T14:03:06.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EnerVista UR Setup",
"vendor": "GE Vernova",
"versions": [
{
"status": "affected",
"version": "8.42",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code."
}
],
"value": "Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T11:10:21.030Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily\u0026type=21\u0026file=76"
},
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27255"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-27255",
"datePublished": "2025-03-10T09:05:17.222Z",
"dateReserved": "2025-02-21T08:32:26.973Z",
"dateUpdated": "2025-03-12T11:10:21.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27488 (GCVE-0-2025-27488)
Vulnerability from cvelistv5 – Published: 2025-05-13 16:58 – Updated: 2026-02-13 19:21
VLAI
Title
Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability
Summary
Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 HLK version 20H2 |
Affected:
1.0.0 , < 10.1.19041.5609
(custom)
|
|
| Microsoft | Windows 10 HLK version 21H1 |
Affected:
1.0.0 , < 10.1.19041.5609
(custom)
|
|
| Microsoft | Windows 10 HLK version 21H2 |
Affected:
1.0.0 , < 10.1.19041.5609
(custom)
|
|
| Microsoft | Windows 10 HLK Version 22H2 |
Affected:
1.0.0 , < 10.1.19041.5609
(custom)
|
|
| Microsoft | Windows 11 HLK 22H2 |
Affected:
1.0.0 , < 10.1.22621.5040
(custom)
|
|
| Microsoft | Windows 11 HLK 24H2 |
Affected:
1.0.0 , < 10.1.26100.3478
(custom)
|
|
| Microsoft | Windows HLK for Windows 10 version 2004 |
Affected:
1.0.0 , < 10.1.19041.5609
(custom)
|
|
| Microsoft | Windows HLK for Windows Server 2019 |
Affected:
1.0.0 , < 10.1.17763.7010
(custom)
|
|
| Microsoft | Windows HLK for Windows Server 2022 |
Affected:
1.0.0 , < 10.1.20348.3330
(custom)
|
|
| Microsoft | Windows HLK for Windows Server 2025 |
Affected:
1.0.0 , < 10.1.26100.3478
(custom)
|
|
| Microsoft | Windows HLK, version 1809 |
Affected:
1.0.0 , < 10.1.17763.7010
(custom)
|
Date Public
2025-05-13 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27488",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T18:13:48.880230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T18:13:57.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Windows 10 HLK version 20H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.1.19041.5609",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 10 HLK version 21H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.1.19041.5609",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 10 HLK version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.1.19041.5609",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 10 HLK Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.1.19041.5609",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 HLK 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.1.22621.5040",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 HLK 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.1.26100.3478",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Windows HLK for Windows 10 version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.1.19041.5609",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Windows HLK for Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.1.17763.7010",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Windows HLK for Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.1.20348.3330",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Windows HLK for Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.1.26100.3478",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Windows HLK, version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.1.17763.7010",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_hlk_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.1.26100.3478",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_hlk_24H2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.1.26100.3478",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_hlk_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.1.17763.7010",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_hlk_21H1:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.1.19041.5609",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_hlk_22H2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.1.22621.5040",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_hlk_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.1.20348.3330",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_hlk_20H2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.1.19041.5609",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_hlk_22H2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.1.19041.5609",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_hlk_21H2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.1.19041.5609",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_hlk_2004:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.1.19041.5609",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_hlk_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.1.17763.7010",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-05-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:21:16.843Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27488"
}
],
"title": "Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-27488",
"datePublished": "2025-05-13T16:58:55.126Z",
"dateReserved": "2025-02-26T14:42:05.978Z",
"dateUpdated": "2026-02-13T19:21:16.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-2765 (GCVE-0-2025-2765)
Vulnerability from cvelistv5 – Published: 2025-04-23 16:48 – Updated: 2025-04-23 18:05
VLAI
Title
CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability
Summary
CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of the wireless hotspot. The issue results from the use of hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-24349.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CarlinKit | CPC200-CCPA |
Affected:
2024.01.19.1541
|
Date Public
2025-03-25 23:21
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2765",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T18:05:29.830520Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:05:38.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "CPC200-CCPA",
"vendor": "CarlinKit",
"versions": [
{
"status": "affected",
"version": "2024.01.19.1541"
}
]
}
],
"dateAssigned": "2025-03-24T19:42:55.084Z",
"datePublic": "2025-03-25T23:21:53.382Z",
"descriptions": [
{
"lang": "en",
"value": "CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of the wireless hotspot. The issue results from the use of hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-24349."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:48:56.902Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-177",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-177/"
}
],
"source": {
"lang": "en",
"value": "Aaron Luo and Spencer Hsieh of VicOne"
},
"title": "CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-2765",
"datePublished": "2025-04-23T16:48:56.902Z",
"dateReserved": "2025-03-24T19:42:55.056Z",
"dateUpdated": "2025-04-23T18:05:38.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- For outbound authentication: store passwords, keys, and other credentials outside of the code in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system. Properly protect the key (CWE-320). If you cannot use encryption to protect the file, then make sure that the permissions are as restrictive as possible [REF-7].
- In Windows environments, the Encrypted File System (EFS) may provide some protection.
Mitigation
Phase: Architecture and Design
Description:
- For inbound authentication: Rather than hard-code a default username and password, key, or other authentication credentials for first time logins, utilize a "first login" mode that requires the user to enter a unique strong password or key.
Mitigation
Phase: Architecture and Design
Description:
- If the product must contain hard-coded credentials or they cannot be removed, perform access control checks and limit which entities can access the feature that requires the hard-coded credentials. For example, a feature might only be enabled through the system console instead of through a network connection.
Mitigation
Phase: Architecture and Design
Description:
- For inbound authentication using passwords: apply strong one-way hashes to passwords and store those hashes in a configuration file or database with appropriate access control. That way, theft of the file/database still requires the attacker to try to crack the password. When handling an incoming password during authentication, take the hash of the password and compare it to the saved hash.
- Use randomly assigned salts for each separate hash that is generated. This increases the amount of computation that an attacker needs to conduct a brute-force attack, possibly limiting the effectiveness of the rainbow table method.
Mitigation
Phase: Architecture and Design
Description:
- For front-end to back-end connections: Three solutions are possible, although none are complete.
- The first suggestion involves the use of generated passwords or keys that are changed automatically and must be entered at given time intervals by a system administrator. These passwords will be held in memory and only be valid for the time intervals.
- Next, the passwords or keys should be limited at the back end to only performing actions valid for the front end, as opposed to having full access.
- Finally, the messages sent should be tagged and checksummed with time sensitive values so as to prevent replay-style attacks.
CAPEC-191: Read Sensitive Constants Within an Executable
An adversary engages in activities to discover any sensitive constants present within the compiled code of an executable. These constants may include literal ASCII strings within the file itself, or possibly strings hard-coded into particular routines that can be revealed by code refactoring methods including static and dynamic analysis.
CAPEC-70: Try Common or Default Usernames and Passwords
An adversary may try certain common or default usernames and passwords to gain access into the system and perform unauthorized actions. An adversary may try an intelligent brute force using empty passwords, known vendor default credentials, as well as a dictionary of common usernames and passwords. Many vendor products come preconfigured with default (and thus well-known) usernames and passwords that should be deleted prior to usage in a production environment. It is a common mistake to forget to remove these default login credentials. Another problem is that users would pick very simple (common) passwords (e.g. "secret" or "password") that make it easier for the attacker to gain access to the system compared to using a brute force attack or even a dictionary attack using a full dictionary.