CVE-2025-26410

Sažetak

The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. The backdoor user has been removed in firmware BSP >= 6.4.1.

Reference

https://r.sec-consult.com/wattsense
https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

18-02-2025 - 18:15

Objavljeno

11-02-2025 - 10:15