CVE-2025-48413

Name of the Vulnerable Software and Affected Versions The product name cannot be determined.

Description The issue concerns hard-coded password hashes for the operating system "root" user, which are shipped with update files and cannot be deleted or changed by end-users. An attacker can use these credentials to log into the device, potentially via SSH backdoor or physical access, such as through a UART shell.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.