CVE-2025-9964
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-23

Last updated on: 2026-03-31

Assigner: CyberDanube

Description
No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console easily. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-23
Last Modified
2026-03-31
Generated
2026-05-07
AI Q&A
2025-09-23
EPSS Evaluated
2026-05-05
NVD
CVE-2025-9964
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
novakon iface_rt *
novakon p_series v2001.a.c518o2
novakon pseriesbiosinterface *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-521 The product does not require that users should have strong passwords.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs because the Novakon P series devices do not have a password set for the root user. This lack of a root password allows physical attackers to easily access the device's console without any authentication.


How can this vulnerability impact me? :

An attacker with physical access to the device can gain unrestricted root access to the system, potentially leading to unauthorized control, data manipulation, or disruption of device operations.


What immediate steps should I take to mitigate this vulnerability?

Set a strong password for the root user on the Novakon P series device to prevent unauthorized physical access to the console.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart