CVE-2025-2766
BaseFortify
Publication date: 2025-06-06
Last updated on: 2025-08-18
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 70mai | a510_firmware | 1.0.40ww.2024.04.19 |
| 70mai | a510 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1393 | The product uses default passwords for potentially critical functionality. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the 70mai A510 device arises from the use of default password authentication in its default user account configuration. It allows attackers who are on a network adjacent to the device to bypass authentication without needing any privileges or user interaction. Once bypassed, the attacker can execute arbitrary code with root privileges on the device. [1]
How can this vulnerability impact me? :
Exploiting this vulnerability can lead to a complete compromise of the affected device, allowing attackers to execute arbitrary code with root privileges. This impacts the confidentiality, integrity, and availability of the device, potentially leading to unauthorized access, data theft, manipulation, or disruption of device functionality. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should change the default password on the 70mai A510 device to a strong, unique password to prevent authentication bypass. Additionally, restrict network access to the device to trusted networks only, and monitor for any unauthorized access attempts. [1]