CVE-2019-25322
Awaiting Analysis Awaiting Analysis - Queue

Hardcoded Credentials in Heatmiser Netmonitor 3.03 Enables Unauthorized Access

Vulnerability report for CVE-2019-25322, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-12

Last updated on: 2026-02-13

Assigner: VulnCheck

Description

Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden form input fields.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-12
Last Modified
2026-02-13
Generated
2026-07-06
AI Q&A
2026-02-13
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
heatmiser netmonitor 3.03

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability in Heatmiser Netmonitor 3.03 is due to hardcoded credentials in the networkSetup.htm page. Specifically, the device contains predictable admin login credentials embedded in hidden form input fields, with the username set as 'admin' and the password also set as 'admin'. This allows attackers to gain unauthorized access to the device by simply using these hardcoded credentials.

Impact Analysis

This vulnerability can allow attackers to remotely access the Heatmiser Netmonitor device without any authentication effort, since the credentials are hardcoded and predictable. The CVSS v3.1 score indicates a high impact on confidentiality (C:H) but no impact on integrity or availability. This means attackers can potentially view sensitive information or device settings, leading to privacy breaches or unauthorized monitoring, but they cannot modify data or disrupt device operation.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25322. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart