PT-2025-51097 · Shinelan · Shinelan-X
Hamid Rahmouni +1 · Published 2025-12-13 · Updated 2025-12-13 · CVE-2025-36747
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ShineLan-X version 3.6.0.0
Description
The firmware for ShineLan-X contains hard-coded credentials for an FTP server, enabling insecure FTP connections. This allows an attacker to replace legitimate files with malicious versions, as firmware signature verification is not enforced.
Recommendations
Restrict access to the FTP server.
Apply a patch to address the hard-coded credentials.
Fix
Using Hardcoded Credentials
Affected Products
Shinelan-X