PT-2025-26661 · Unknown · Blue Angel Software Suite

Damiano Proietti

Publicado

2025-06-24

Atualizado

2025-11-17

CVE-2025-34034

CVSS v4.0

9.3

Crítica

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Blue Angel Software Suite (affected versions not specified)

Description: A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798

Identificadores relacionados

CVE-2025-34034

Produtos afetados

Blue Angel Software Suite

PT-2025-26661 · Unknown · Blue Angel Software Suite

CVE-2025-34034

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13