CVE-2025-11126
BaseFortify
Publication date: 2025-09-29
Last updated on: 2025-09-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apeman | id71 | 218.53.203.117 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Apeman ID71 device involves hard-coded credentials embedded in the system files, specifically /system/www/system.ini and others. These static usernames and passwords cannot be changed by users, allowing remote attackers to gain unauthorized administrative and root access without authentication. This means attackers can fully control the device, access video feeds, change settings, and potentially compromise the local network. [1, 2]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to complete compromise of the device's confidentiality, integrity, and availability. Attackers can view private video and audio streams, alter device configurations, take over the device, and potentially use it as part of a botnet. This can result in loss of privacy, unauthorized control, and disruption of device functionality. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the hard-coded credentials in the device files, specifically /system/www/system.ini, /system/param/login.cgi, and /tmp/system/param/passwd. Network detection can include scanning for devices running Apeman ID71 firmware version 218.53.203.117 and attempting to authenticate using the known hard-coded credentials (e.g., username "admin" with password "HYHjp261427" or username "vstarcam2017" with password "20170912"). Additionally, Google hacking techniques such as searching for inurl:system/www/system.ini can help identify vulnerable devices exposed on the internet. Commands to detect the vulnerability might include using curl or wget to fetch the /system/www/system.ini file if accessible, or using nmap with scripts to detect the device and attempt login with the known credentials. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing restrictive firewall rules to block unauthorized remote access to the affected device, especially blocking access to the device's web interface and related ports from untrusted networks. Since the hard-coded credentials cannot be changed, isolating the device from the internet or untrusted networks is critical. If possible, replace the device with a non-vulnerable model as the vendor no longer supports this product. Monitoring network traffic for unauthorized access attempts and disabling remote management features can also help reduce risk. [2]