Jaarden

**Name of the Vulnerable Software and Affected Versions** Alpha Innotec Heatpumps versions prior to V2.88.3 Alpha Innotec Heatpumps versions prior to V3.89.0 Alpha Innotec Heatpumps versions prior to V4.81.3 Novelan Heatpumps versions prior to V2.88.3 Novelan Heatpumps versions prior to V3.89.0 Novelan Heatpumps versions prior to V4.81.3 **Description** The issue is related to the use of hardcoded credentials in the wp2reg-V3.88.0-9015 file, allowing a remote attacker to gain full access to the device. The vulnerability can be exploited to execute arbitrary code via the password component in the shadow file. **Recommendations** For Alpha Innotec Heatpumps versions prior to V2.88.3, update to V2.88.3 or later. For Alpha Innotec Heatpumps versions prior to V3.89.0, update to V3.89.0 or later. For Alpha Innotec Heatpumps versions prior to V4.81.3, update to V4.81.3 or later. For Novelan Heatpumps versions prior to V2.88.3, update to V2.88.3 or later. For Novelan Heatpumps versions prior to V3.89.0, update to V3.89.0 or later. For Novelan Heatpumps versions prior to V4.81.3, update to V4.81.3 or later.