← Back to CVEs
CVE-2025-34034
HIGH8.8
Description
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published6/24/2025
Last Modified11/20/2025
Sourcenvd
Honeypot Sightings0
Affected Products
5vtechnologies:blue_angel_software_suite
Weaknesses (CWE)
CWE-798
References
https://vulncheck.com/advisories/5vtechnologies-blue-angel-hardcoded-credentials(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/46792(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/46792(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.