CVE-2025-54756
Default Password Vulnerability in BrightSign OS Allows Unauthorized Access
Publication date: 2026-02-12
Last updated on: 2026-02-13
Assigner: ICS-CERT
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| brightsign | brightsign_os | up to 8.5.53.1 (excluding) |
| brightsign | brightsign_os | up to 9.0.166 (excluding) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1392 | The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects BrightSign players running BrightSign OS series 4 prior to version 8.5.53.1 and series 5 prior to version 9.0.166. These devices use a default password that can be guessed if someone has knowledge of the device information.
The issue arises because the default password is not sufficiently secure and can be easily guessed, potentially allowing unauthorized access to the device.
The latest software releases fix this issue for new installations, and users with older installations are encouraged to change all default passwords to mitigate the risk.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to gain unauthorized access to BrightSign players by guessing the default password.
Such unauthorized access could lead to a compromise of confidentiality, integrity, and availability of the device and its data, as indicated by the high CVSS scores (8.4 and 8.6).
- Confidentiality impact: High
- Integrity impact: High
- Availability impact: High
This means attackers could potentially view sensitive information, alter device settings or content, or disrupt the device's operation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 using a default password that is guessable with knowledge of the device information.
To detect this vulnerability on your network or system, you should identify devices running the affected BrightSign OS versions and check if they are still using default passwords.
- Scan your network for BrightSign devices using network discovery tools or commands like `nmap` to identify devices by their IP and open ports.
- Use commands or scripts to attempt authentication with default credentials on identified devices to verify if the default password is still in use.
- Check device firmware versions by accessing device management interfaces or querying device information to confirm if they are running vulnerable OS versions.
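An added example, not part of this CVE record or BrightSign's own tooling: a small Python check that classifies inventoried BrightSign OS versions against the affected ranges (series 4 below 8.5.53.1, series 5 below 9.0.166). The sample inventory is constructed, and mapping major version 8.x to series 4 and 9.x to series 5 is an assumption drawn from the version numbers in the record; pass `series` explicitly where you know it.

```python
import re

# Fixed versions per series, as given in the advisory text.
FIXED = {4: (8, 5, 53, 1), 5: (9, 0, 166)}
# Assumption: infer the series from the major version when not supplied.
SERIES_BY_MAJOR = {8: 4, 9: 5}


def parse_version(text):
    """Turn '8.5.53.1' or 'v9.0.120' into a tuple of ints for comparison."""
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(version, series=None):
    """True if below the fixed version for its series, False if at or above,
    None if the series cannot be determined from the version alone."""
    parts = parse_version(version)
    if series is None:
        series = SERIES_BY_MAJOR.get(parts[0])
    if series not in FIXED:
        return None
    # Tuple comparison treats a missing trailing component as lower,
    # so (8, 5, 53) < (8, 5, 53, 1) as expected.
    return parts < FIXED[series]


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    {"host": "lobby-player-01", "version": "8.5.52"},
    {"host": "lobby-player-02", "version": "8.5.53.1"},
    {"host": "atrium-player", "version": "v9.0.120"},
    {"host": "cafe-player", "version": "9.0.166"},
]


def find_affected(inventory):
    """Hosts whose firmware is in an affected range. A fixed version only
    guarantees a fresh install; existing installs still need a password check."""
    return [d["host"] for d in inventory
            if is_affected(d["version"], d.get("series")) is True]
```

Treat the result as a triage list: a host on a fixed version that was upgraded in place may still carry the default password, so the credential check in the previous step applies to every player, not only the flagged ones.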
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include changing all default passwords on affected BrightSign players to strong, unique passwords.
Additionally, update the BrightSign OS to the latest version available, specifically to at least v8.5.53.1 for series 4 or v9.0.166 for series 5, as these versions fix the issue for new installations.
Users of existing installations are strongly encouraged to perform these updates and password changes to prevent unauthorized access.