CVE-2025-26410 – Wattsense Bridge Hard-Coded Credentials Disclosure

The following table lists the changes that have been made to the CVE-2025-26410 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Feb. 11, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-798
  • New CVE Received by 551230f0-3615-47bd-b7cc-93e92e730bbf

    Feb. 11, 2025

    Action Type Old Value New Value
    Added Description The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. The backdoor user has been removed in firmware BSP >= 6.4.1.
    Added CWE CWE-798
    Added Reference https://r.sec-consult.com/wattsense
    Added Reference https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes

نوشته های مشابه

CVE-2024-10644 – Ivanti Connect Secure and Ivanti Policy Secure Code Injection Vulnerability

CVE-2024-47908 – Ivanti CSA OS Command Injection Vulnerability

CVE-2025-22467 – Ivanti Connect Secure Stack-Based Buffer Overflow Vulnerability

CVE-2025-24896 – Misskey Persistent Authentication Token Vulnerability