CVE-2025-34034

5VTechnologies Blue Angel Software Suite Hardcoded Credentials

CVSS 9.3 CRITICALEPSS 0.6%CWE-798

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 9.3EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

24 jun 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

5VTechnologies · Blue Angel Software Suite

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://vulncheck.com/advisories/5vtechnologies-blue-angel-hardcoded-credentials https://www.exploit-db.com/exploits/46792