CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
CVE-2026-41446 (GCVE-0-2026-41446)
Vulnerability from cvelistv5 – Published: 2026-04-28 21:15 – Updated: 2026-05-14 02:09
VLAI
Title
WattBox 800 & 820 Series < 2.10.0.0 RCE via Diagnostic Endpoints
Summary
Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the device label or documentation containing these values can authenticate to the several endpoints and execute arbitrary commands as root on the device.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://help.snapone.com/wb-8x0-fw/Content/FW%20R… | release-notespatch |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Snap One, LLC | WattBox 800 |
Affected:
0 , < 2.10.0.0
(custom)
|
|
| Snap One, LLC | WattBox 820 |
Affected:
0 , < 2.10.0.0
(custom)
|
Date Public
2026-03-19 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41446",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T15:09:03.107867Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T15:10:09.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WattBox 800",
"vendor": "Snap One, LLC",
"versions": [
{
"lessThan": "2.10.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WattBox 820",
"vendor": "Snap One, LLC",
"versions": [
{
"lessThan": "2.10.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anonymous"
}
],
"datePublic": "2026-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the device label or documentation containing these values can authenticate to the several endpoints and execute arbitrary commands as root on the device."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "CWE-912 Hidden Functionality",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:09:45.480Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://help.snapone.com/wb-8x0-fw/Content/FW%20RN/8x0/8x0%20series%20FW%20RN.htm"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WattBox 800 \u0026 820 Series \u003c 2.10.0.0 RCE via Diagnostic Endpoints",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-41446",
"datePublished": "2026-04-28T21:15:09.360Z",
"dateReserved": "2026-04-20T16:07:47.308Z",
"dateUpdated": "2026-05-14T02:09:45.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4216 (GCVE-0-2026-4216)
Vulnerability from cvelistv5 – Published: 2026-03-16 05:02 – Updated: 2026-03-16 18:45
VLAI
Title
i-SENS SmartLog App air.SmartLog.android hard-coded credentials
Summary
A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The vendor explains: "The function referenced in the report currently exists in our deployed system. It is related to a developer mode used during the configuration process for Bluetooth pairing between the blood glucose meter and the SmartLog application. This function is intended for configuration purposes related to device integration and testing. (...) [I]n a future application update, we plan to review measures to either remove the developer mode function or restrict access to it."
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.351140 | vdb-entry |
| https://vuldb.com/?ctiid.351140 | signaturepermissions-required |
| https://vuldb.com/?submit.770497 | third-party-advisory |
| https://www.notion.so/Developer-Mode-Credential-E… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| i-SENS | SmartLog App |
Affected:
2.6.0
Affected: 2.6.1 Affected: 2.6.2 Affected: 2.6.3 Affected: 2.6.4 Affected: 2.6.5 Affected: 2.6.6 Affected: 2.6.7 Affected: 2.6.8 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4216",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T18:44:59.397464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T18:45:09.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"air.SmartLog.android"
],
"product": "SmartLog App",
"vendor": "i-SENS",
"versions": [
{
"status": "affected",
"version": "2.6.0"
},
{
"status": "affected",
"version": "2.6.1"
},
{
"status": "affected",
"version": "2.6.2"
},
{
"status": "affected",
"version": "2.6.3"
},
{
"status": "affected",
"version": "2.6.4"
},
{
"status": "affected",
"version": "2.6.5"
},
{
"status": "affected",
"version": "2.6.6"
},
{
"status": "affected",
"version": "2.6.7"
},
{
"status": "affected",
"version": "2.6.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "fxizenta (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The vendor explains: \"The function referenced in the report currently exists in our deployed system. It is related to a developer mode used during the configuration process for Bluetooth pairing between the blood glucose meter and the SmartLog application. This function is intended for configuration purposes related to device integration and testing. (...) [I]n a future application update, we plan to review measures to either remove the developer mode function or restrict access to it.\""
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T05:02:08.472Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-351140 | i-SENS SmartLog App air.SmartLog.android hard-coded credentials",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.351140"
},
{
"name": "VDB-351140 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.351140"
},
{
"name": "Submit #770497 | i-SENS SmartLog(air.SmartLog.android) 2.6.8 Developer Mode Credential Exposure",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.770497"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/Developer-Mode-Credential-Exposure-in-air-SmartLog-android-3182de3f97fb80f1abb7e958be2940fa?source=copy_link"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-15T16:15:50.000Z",
"value": "VulDB entry last update"
}
],
"title": "i-SENS SmartLog App air.SmartLog.android hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-4216",
"datePublished": "2026-03-16T05:02:08.472Z",
"dateReserved": "2026-03-15T15:09:22.212Z",
"dateUpdated": "2026-03-16T18:45:09.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4219 (GCVE-0-2026-4219)
Vulnerability from cvelistv5 – Published: 2026-03-16 06:02 – Updated: 2026-03-16 15:27
VLAI
Title
INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App ae.index.apgcs BuildConfig.java hard-coded credentials
Summary
A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of the argument ACCESS_KEY/HASH_KEY can lead to hard-coded credentials. The attack is restricted to local execution. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.351143 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.351143 | signaturepermissions-required |
| https://vuldb.com/?submit.770513 | third-party-advisory |
| https://www.notion.so/Authorization-Credentials-i… | exploit |
| https://www.notion.so/Authorization-Credentials-i… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INDEX Conferences & Exhibitions Organization | YWF BPOF APGCS App |
Affected:
1.0.0
Affected: 1.0.1 Affected: 1.0.2 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4219",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T15:26:02.872319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T15:27:30.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/Authorization-Credentials-in-ae-index-apgcs-Lead-to-Exposure-of-Backend-Secrets-3172de3f97fb8040bc30c5519a742251"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"ae.index.apgcs"
],
"product": "YWF BPOF APGCS App",
"vendor": "INDEX Conferences \u0026 Exhibitions Organization",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "fxizenta (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in INDEX Conferences \u0026 Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of the argument ACCESS_KEY/HASH_KEY can lead to hard-coded credentials. The attack is restricted to local execution. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T06:02:08.055Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-351143 | INDEX Conferences \u0026 Exhibitions Organization YWF BPOF APGCS App ae.index.apgcs BuildConfig.java hard-coded credentials",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.351143"
},
{
"name": "VDB-351143 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.351143"
},
{
"name": "Submit #770513 | INDEX Conferences \u0026 Exhibitions Organization L.L.C YWF | BPOF | APGCS 1.0.2 Authorization Credential Exposure",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.770513"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/Authorization-Credentials-in-ae-index-apgcs-Lead-to-Exposure-of-Backend-Secrets-3172de3f97fb8040bc30c5519a742251?source=copy_link"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-15T17:30:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "INDEX Conferences \u0026 Exhibitions Organization YWF BPOF APGCS App ae.index.apgcs BuildConfig.java hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-4219",
"datePublished": "2026-03-16T06:02:08.055Z",
"dateReserved": "2026-03-15T16:25:29.066Z",
"dateUpdated": "2026-03-16T15:27:30.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42251 (GCVE-0-2026-42251)
Vulnerability from cvelistv5 – Published: 2026-06-01 13:22 – Updated: 2026-06-01 15:29
VLAI
Title
Hard-coded credentials in KS-SOMED
Summary
Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update.
This issue affects KS-SOMED with modules: KSPLUPDFTP.exe up to 30.00.00.056 and ANEKSKLIENT.EXE up to 29.00.02.026
Beside removing the hard-coded credentials from the code and changing the update process, access granted by previously exposed credentials was limited to read-only.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cert.pl/posts/2026/06/CVE-2026-1958 | third-party-advisory |
| https://kamsoft.pl/ks-somed/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42251",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T15:29:10.412992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T15:29:24.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"KSPLUPDFTP.exe"
],
"product": "KS-SOMED",
"vendor": "KAMSOFT",
"versions": [
{
"lessThanOrEqual": "30.00.00.056",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"ANEKSKLIENT.EXE"
],
"product": "KS-SOMED",
"vendor": "KAMSOFT",
"versions": [
{
"lessThanOrEqual": "29.00.02.026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wojciech Gie\u0142da"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application\u0027s update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update.\u003cbr\u003e\u003cbr\u003eThis issue affects KS-SOMED with modules: KSPLUPDFTP.exe up to 30.00.00.056 and\u0026nbsp;ANEKSKLIENT.EXE up to\u0026nbsp;29.00.02.026\u003cbr\u003e\u003cbr\u003eBeside removing the hard-coded credentials from the code and changing the update process, access granted by previously exposed credentials was limited to read-only.\u003cbr\u003e"
}
],
"value": "Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application\u0027s update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update.\n\nThis issue affects KS-SOMED with modules: KSPLUPDFTP.exe up to 30.00.00.056 and\u00a0ANEKSKLIENT.EXE up to\u00a029.00.02.026\n\nBeside removing the hard-coded credentials from the code and changing the update process, access granted by previously exposed credentials was limited to read-only."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T13:22:54.258Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2026/06/CVE-2026-1958"
},
{
"tags": [
"product"
],
"url": "https://kamsoft.pl/ks-somed/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hard-coded credentials in KS-SOMED",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2026-42251",
"datePublished": "2026-06-01T13:22:54.258Z",
"dateReserved": "2026-04-25T11:31:56.229Z",
"dateUpdated": "2026-06-01T15:29:24.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42372 (GCVE-0-2026-42372)
Vulnerability from cvelistv5 – Published: 2026-05-04 15:53 – Updated: 2026-05-05 03:56 Unsupported When Assigned
VLAI
Title
D-Link DIR-605L A1 Hardcoded Telnet Backdoor Credentials
Summary
D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir605l" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | DIR-605L Firmware |
Affected:
A1
(custom)
cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:* |
Date Public
2026-04-24 15:17
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42372",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T03:56:24.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.securin.io/zero-day/cve-2026-42372-hardcoded-telnet-backdoor-in-d-link-dir-605l-a1-end-of-life-"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"platforms": [
"MIPS32 Big-Endian"
],
"product": "DIR-605L Firmware",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "A1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arjun Basnet From Securin Labs"
}
],
"datePublic": "2026-04-24T15:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eD-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username \"Alphanetworks\" and the static password \"wrgn35_dlwbr_dir605l\" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.\u0026nbsp;\u003c/p\u003e"
}
],
"value": "D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username \"Alphanetworks\" and the static password \"wrgn35_dlwbr_dir605l\" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T15:53:30.817Z",
"orgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
"shortName": "securin"
},
"references": [
{
"name": "D-Link DIR-605L Support Page",
"url": "https://www.securin.io/zero-day/cve-2026-42372-hardcoded-telnet-backdoor-in-d-link-dir-605l-a1-end-of-life-"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "D-Link DIR-605L A1 Hardcoded Telnet Backdoor Credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis product is End-of-Life and will NOT receive patches. Users should replace the device. Temporary: connect via backdoor and run \"killall telnetd\" and \"iptables -A INPUT -p tcp --dport 23 -j DROP\" (lost on reboot).\u003c/p\u003e"
}
],
"value": "This product is End-of-Life and will NOT receive patches. Users should replace the device. Temporary: connect via backdoor and run \"killall telnetd\" and \"iptables -A INPUT -p tcp --dport 23 -j DROP\" (lost on reboot)."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
"assignerShortName": "securin",
"cveId": "CVE-2026-42372",
"datePublished": "2026-05-04T15:53:30.817Z",
"dateReserved": "2026-04-27T06:21:56.901Z",
"dateUpdated": "2026-05-05T03:56:24.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42373 (GCVE-0-2026-42373)
Vulnerability from cvelistv5 – Published: 2026-05-04 15:57 – Updated: 2026-05-05 12:43 Unsupported When Assigned
VLAI
Title
D-Link DIR-605L B2 Hardcoded Telnet Backdoor Credentials
Summary
D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76_dlwbr_dir605L" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | DIR-605L Firmware |
Affected:
B2
(custom)
cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:* |
Date Public
2026-04-24 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42373",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T03:56:23.980105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T12:43:39.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.securin.io/zero-day/cve-2026-42373-hardcoded-telnet-backdoor-in-d-link-dir-605l-b2-end-of-life-"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"platforms": [
"MIPS32 Big-Endian"
],
"product": "DIR-605L Firmware",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "B2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arjun Basnet from Securin Labs"
}
],
"datePublic": "2026-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eD-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username \"Alphanetworks\" and the static password \"wrgn76_dlwbr_dir605L\" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.\u003c/p\u003e"
}
],
"value": "D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username \"Alphanetworks\" and the static password \"wrgn76_dlwbr_dir605L\" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T15:57:31.057Z",
"orgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
"shortName": "securin"
},
"references": [
{
"name": "D-Link DIR-605L B2 Hardcoded Telnet Backdoor - Securin Advisory",
"url": "https://www.securin.io/zero-day/cve-2026-42373-hardcoded-telnet-backdoor-in-d-link-dir-605l-b2-end-of-life-"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "D-Link DIR-605L B2 Hardcoded Telnet Backdoor Credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis product is End-of-Life (EOL) and will NOT receive patches. Users should replace the device. Temporary: connect via backdoor and run \"killall telnetd\" and \"iptables -A INPUT -p tcp --dport 23 -j DROP\" (lost on reboot).\u003c/p\u003e"
}
],
"value": "This product is End-of-Life (EOL) and will NOT receive patches. Users should replace the device. Temporary: connect via backdoor and run \"killall telnetd\" and \"iptables -A INPUT -p tcp --dport 23 -j DROP\" (lost on reboot)."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
"assignerShortName": "securin",
"cveId": "CVE-2026-42373",
"datePublished": "2026-05-04T15:57:31.057Z",
"dateReserved": "2026-04-27T06:21:56.901Z",
"dateUpdated": "2026-05-05T12:43:39.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42374 (GCVE-0-2026-42374)
Vulnerability from cvelistv5 – Published: 2026-05-04 16:00 – Updated: 2026-05-05 12:43 Unsupported When Assigned
VLAI
Title
D-Link DIR-600L B1 Hardcoded Telnet Backdoor Credentials
Summary
D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61_dlwbr_dir600L" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | DIR-600L Firmware |
Affected:
B1
(custom)
cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:* |
Date Public
2026-04-24 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42374",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T03:56:22.870524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T12:43:29.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.securin.io/zero-day/cve-2026-42374-hardcoded-telnet-backdoor-in-d-link-dir-600l-b1-end-of-life-"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"platforms": [
"MIPS32 Big-Endian"
],
"product": "DIR-600L Firmware",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "B1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arjun Basnet from Securin Labs"
}
],
"datePublic": "2026-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eD-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username \"Alphanetworks\" and the static password \"wrgn61_dlwbr_dir600L\" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control.\u0026nbsp; The device has reached End-of-Life (EOL) and will not receive patches.\u003c/p\u003e"
}
],
"value": "D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username \"Alphanetworks\" and the static password \"wrgn61_dlwbr_dir600L\" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control.\u00a0 The device has reached End-of-Life (EOL) and will not receive patches."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T16:00:15.244Z",
"orgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
"shortName": "securin"
},
"references": [
{
"name": "D-Link DIR-600L B1 Hardcoded Telnet Backdoor - Securin Advisory",
"url": "https://www.securin.io/zero-day/cve-2026-42374-hardcoded-telnet-backdoor-in-d-link-dir-600l-b1-end-of-life-"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "D-Link DIR-600L B1 Hardcoded Telnet Backdoor Credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis product is End-of-Life (EOL) and will NOT receive patches. Users should replace the device. Temporary: connect via backdoor and run \"killall telnetd\" and \"iptables -A INPUT -p tcp --dport 23 -j DROP\" (lost on reboot).\u003c/p\u003e"
}
],
"value": "This product is End-of-Life (EOL) and will NOT receive patches. Users should replace the device. Temporary: connect via backdoor and run \"killall telnetd\" and \"iptables -A INPUT -p tcp --dport 23 -j DROP\" (lost on reboot)."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
"assignerShortName": "securin",
"cveId": "CVE-2026-42374",
"datePublished": "2026-05-04T16:00:15.244Z",
"dateReserved": "2026-04-27T06:21:56.902Z",
"dateUpdated": "2026-05-05T12:43:29.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42375 (GCVE-0-2026-42375)
Vulnerability from cvelistv5 – Published: 2026-05-04 16:02 – Updated: 2026-05-05 12:43 Unsupported When Assigned
VLAI
Title
D-Link DIR-600L A1 Hardcoded Telnet Backdoor Credentials
Summary
D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir600l" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | DIR-600L Firmware |
Affected:
A1
(custom)
cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:* |
Date Public
2026-04-24 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42375",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T03:56:21.727703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T12:43:07.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.securin.io/zero-day/cve-2026-42375-hardcoded-telnet-backdoor-in-d-link-dir-600l-a1-end-of-life-"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"platforms": [
"MIPS32 Big-Endian"
],
"product": "DIR-600L Firmware",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "A1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arjun Basnet from Securin Labs"
}
],
"datePublic": "2026-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eD-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username \"Alphanetworks\" and the static password \"wrgn35_dlwbr_dir600l\" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.\u003c/p\u003e"
}
],
"value": "D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username \"Alphanetworks\" and the static password \"wrgn35_dlwbr_dir600l\" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T16:02:17.044Z",
"orgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
"shortName": "securin"
},
"references": [
{
"name": "D-Link DIR-600L A1 Hardcoded Telnet Backdoor - Securin Advisory",
"url": "https://www.securin.io/zero-day/cve-2026-42375-hardcoded-telnet-backdoor-in-d-link-dir-600l-a1-end-of-life-"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "D-Link DIR-600L A1 Hardcoded Telnet Backdoor Credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis product is End-of-Life and will NOT receive patches. Users should replace the device. Temporary: connect via backdoor and run \"killall telnetd\" and \"iptables -A INPUT -p tcp --dport 23 -j DROP\" (lost on reboot).\u003c/p\u003e"
}
],
"value": "This product is End-of-Life and will NOT receive patches. Users should replace the device. Temporary: connect via backdoor and run \"killall telnetd\" and \"iptables -A INPUT -p tcp --dport 23 -j DROP\" (lost on reboot)."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
"assignerShortName": "securin",
"cveId": "CVE-2026-42375",
"datePublished": "2026-05-04T16:02:17.044Z",
"dateReserved": "2026-04-27T06:21:56.902Z",
"dateUpdated": "2026-05-05T12:43:07.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42376 (GCVE-0-2026-42376)
Vulnerability from cvelistv5 – Published: 2026-05-04 16:03 – Updated: 2026-05-04 16:32 Unsupported When Assigned
VLAI
Title
D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials
Summary
D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks" and the static password "whdrv01_dlob_dir456U" read from /etc/config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | DIR-456U Firmware |
Affected:
A1
(custom)
cpe:2.3:o:dlink:dir-456u_firmware:*:*:*:*:*:*:*:* |
Date Public
2026-04-24 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42376",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T16:32:05.738044Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T16:32:10.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.securin.io/zero-day/cve-2026-42376-hardcoded-telnet-backdoor-in-d-link-dir-456u-a1-end-of-life-"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-456u_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"platforms": [
"MIPS32 Little-Endian"
],
"product": "DIR-456U Firmware",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "A1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arjun Basnet from Securin Labs"
}
],
"datePublic": "2026-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eD-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username \"Alphanetworks\" and the static password \"whdrv01_dlob_dir456U\" read from /etc/config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.\u003c/p\u003e"
}
],
"value": "D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username \"Alphanetworks\" and the static password \"whdrv01_dlob_dir456U\" read from /etc/config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T16:03:59.473Z",
"orgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
"shortName": "securin"
},
"references": [
{
"name": "D-Link DIR-456U A1 Hardcoded Telnet Backdoor - Securin Advisory",
"url": "https://www.securin.io/zero-day/cve-2026-42376-hardcoded-telnet-backdoor-in-d-link-dir-456u-a1-end-of-life-"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis product is End-of-Life (EOL) and will NOT receive patches. Users should replace the device. Temporary: connect via backdoor and run \"killall telnetd\" and \"iptables -A INPUT -p tcp --dport 23 -j DROP\" (lost on reboot).\u003c/p\u003e"
}
],
"value": "This product is End-of-Life (EOL) and will NOT receive patches. Users should replace the device. Temporary: connect via backdoor and run \"killall telnetd\" and \"iptables -A INPUT -p tcp --dport 23 -j DROP\" (lost on reboot)."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
"assignerShortName": "securin",
"cveId": "CVE-2026-42376",
"datePublished": "2026-05-04T16:03:59.473Z",
"dateReserved": "2026-04-27T06:21:56.902Z",
"dateUpdated": "2026-05-04T16:32:10.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42869 (GCVE-0-2026-42869)
Vulnerability from cvelistv5 – Published: 2026-05-11 18:39 – Updated: 2026-05-12 13:27
VLAI
Title
SOCFortress CoPilot: Hardcoded JWT secret allows unauthenticated full admin compromise and lateral movement into all integrated SOC tools
Summary
SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value in backend/app/auth/utils.py:28 and ships it verbatim in .env.example. Any deployment where JWT_SECRET is not explicitly set — including the default Docker Compose setup — signs all authentication tokens with this publicly known value. An unauthenticated attacker can forge arbitrary admin-scoped JWTs and gain full control of the application and every security tool it manages without any credentials. This vulnerability is fixed in 0.1.57.
Severity
10 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/socfortress/CoPilot/security/a… | x_refsource_CONFIRM |
| https://github.com/socfortress/CoPilot/pull/814 | x_refsource_MISC |
| https://github.com/socfortress/CoPilot/commit/464… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| socfortress | CoPilot |
Affected:
< 0.1.57
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42869",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T13:27:13.898141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T13:27:25.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/socfortress/CoPilot/security/advisories/GHSA-4gxj-hw3c-3x2x"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CoPilot",
"vendor": "socfortress",
"versions": [
{
"status": "affected",
"version": "\u003c 0.1.57"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value in backend/app/auth/utils.py:28 and ships it verbatim in .env.example. Any deployment where JWT_SECRET is not explicitly set \u2014 including the default Docker Compose setup \u2014 signs all authentication tokens with this publicly known value. An unauthenticated attacker can forge arbitrary admin-scoped JWTs and gain full control of the application and every security tool it manages without any credentials. This vulnerability is fixed in 0.1.57."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T18:39:28.664Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/socfortress/CoPilot/security/advisories/GHSA-4gxj-hw3c-3x2x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/socfortress/CoPilot/security/advisories/GHSA-4gxj-hw3c-3x2x"
},
{
"name": "https://github.com/socfortress/CoPilot/pull/814",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/socfortress/CoPilot/pull/814"
},
{
"name": "https://github.com/socfortress/CoPilot/commit/4640511a0cf2e7b144a71375b5b349a8318cb186",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/socfortress/CoPilot/commit/4640511a0cf2e7b144a71375b5b349a8318cb186"
}
],
"source": {
"advisory": "GHSA-4gxj-hw3c-3x2x",
"discovery": "UNKNOWN"
},
"title": "SOCFortress CoPilot: Hardcoded JWT secret allows unauthenticated full admin compromise and lateral movement into all integrated SOC tools"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42869",
"datePublished": "2026-05-11T18:39:28.664Z",
"dateReserved": "2026-04-30T18:49:06.710Z",
"dateUpdated": "2026-05-12T13:27:25.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- For outbound authentication: store passwords, keys, and other credentials outside of the code in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system. Properly protect the key (CWE-320). If you cannot use encryption to protect the file, then make sure that the permissions are as restrictive as possible [REF-7].
- In Windows environments, the Encrypted File System (EFS) may provide some protection.
Mitigation
Phase: Architecture and Design
Description:
- For inbound authentication: Rather than hard-code a default username and password, key, or other authentication credentials for first time logins, utilize a "first login" mode that requires the user to enter a unique strong password or key.
Mitigation
Phase: Architecture and Design
Description:
- If the product must contain hard-coded credentials or they cannot be removed, perform access control checks and limit which entities can access the feature that requires the hard-coded credentials. For example, a feature might only be enabled through the system console instead of through a network connection.
Mitigation
Phase: Architecture and Design
Description:
- For inbound authentication using passwords: apply strong one-way hashes to passwords and store those hashes in a configuration file or database with appropriate access control. That way, theft of the file/database still requires the attacker to try to crack the password. When handling an incoming password during authentication, take the hash of the password and compare it to the saved hash.
- Use randomly assigned salts for each separate hash that is generated. This increases the amount of computation that an attacker needs to conduct a brute-force attack, possibly limiting the effectiveness of the rainbow table method.
Mitigation
Phase: Architecture and Design
Description:
- For front-end to back-end connections: Three solutions are possible, although none are complete.
- The first suggestion involves the use of generated passwords or keys that are changed automatically and must be entered at given time intervals by a system administrator. These passwords will be held in memory and only be valid for the time intervals.
- Next, the passwords or keys should be limited at the back end to only performing actions valid for the front end, as opposed to having full access.
- Finally, the messages sent should be tagged and checksummed with time sensitive values so as to prevent replay-style attacks.
CAPEC-191: Read Sensitive Constants Within an Executable
An adversary engages in activities to discover any sensitive constants present within the compiled code of an executable. These constants may include literal ASCII strings within the file itself, or possibly strings hard-coded into particular routines that can be revealed by code refactoring methods including static and dynamic analysis.
CAPEC-70: Try Common or Default Usernames and Passwords
An adversary may try certain common or default usernames and passwords to gain access into the system and perform unauthorized actions. An adversary may try an intelligent brute force using empty passwords, known vendor default credentials, as well as a dictionary of common usernames and passwords. Many vendor products come preconfigured with default (and thus well-known) usernames and passwords that should be deleted prior to usage in a production environment. It is a common mistake to forget to remove these default login credentials. Another problem is that users would pick very simple (common) passwords (e.g. "secret" or "password") that make it easier for the attacker to gain access to the system compared to using a brute force attack or even a dictionary attack using a full dictionary.