CVE-2025-53842
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-16

Last updated on: 2025-07-16

Assigner: JPCERT/CC

Description
Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-16
Last Modified
2025-07-16
Generated
2026-05-07
AI Q&A
2025-07-16
EPSS Evaluated
2026-05-05
NVD
CVE-2025-53842
EUVD
EUVD-2025-21576
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
zexelon zwx-2000csw2-hn <0.3.19>
zexelon zwx-2000cs2-hn *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the use of hard-coded credentials in the ZWX-2000CSW2-HN device firmware versions prior to 0.3.19 and all versions of ZWX-2000CS2-HN. An attacker who exploits this issue can obtain these fixed credentials and tamper with the device's settings. The problem stems from an insufficient fix for a previous vulnerability (CVE-2024-39838).


How can this vulnerability impact me? :

If exploited, this vulnerability allows an attacker to gain unauthorized access to the device by using hard-coded credentials, enabling them to modify device settings. This could lead to unauthorized control or disruption of the device's intended operation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart