← Zuruck zu CVEs
CVE-2025-34034
HIGH8.8
Beschreibung
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.
CVE Details
CVSS v3.1 Bewertung8.8
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht6/24/2025
Zuletzt geandert11/20/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
5vtechnologies:blue_angel_software_suite
Schwachen (CWE)
CWE-798
Referenzen
https://vulncheck.com/advisories/5vtechnologies-blue-angel-hardcoded-credentials(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/46792(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/46792(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.