CVE-2025-2766

EPSS 0.05%
Veröffentlicht 06.06.2025 18:53:31
Zuletzt bearbeitet 18.08.2025 16:00:44
Quelle zdi-disclosures@trendmicro.com
Teams Watchlist Login
Unerledigt Login

70mai A510 Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of 70mai A510. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the default configuration of user accounts. The configuration contains default password. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the root. Was ZDI-CAN-24996.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

70mai ≫ A510 Firmware Version1.0.40ww.2024.04.19

70mai ≫ A510 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.157

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
zdi-disclosures@trendmicro.com	8.8	2.8	5.9	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-1393 Use of Default Password

The product uses default passwords for potentially critical functionality.

https://www.zerodayinitiative.com/advisories/ZDI-25-180/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-2766

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-2766

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-2766

EUVD