CVE-2025-34034
HIGH 8.8
Description
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.
CVE details
CVSS v3.1 score: 8.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 6/24/2025
Last modified: 11/20/2025
Source: nvd
Honeypot sightings: 0
Affected products
5vtechnologies:blue_angel_software_suite
Weaknesses (CWE)
CWE-798
References
https://vulncheck.com/advisories/5vtechnologies-blue-angel-hardcoded-credentials (disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/46792 (disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/46792 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.