CVE-2026-24448
Hard-Coded Credentials in MR-GM5L-S1/MR-GM5A-L1 Allow Admin Access
Publication date: 2026-03-11
Last updated on: 2026-03-11
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the use of hard-coded credentials in the MR-GM5L-S1 and MR-GM5A-L1 devices. Hard-coded credentials are fixed usernames and passwords embedded directly in the device's software, which cannot be changed by users.
Because these credentials are hard-coded, an attacker who discovers them can gain administrative access to the affected devices without needing any prior authorization or user interaction.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can obtain administrative access to the affected devices remotely and without any privileges or user interaction.
This level of access allows the attacker to fully control the device, potentially leading to unauthorized changes, data breaches, disruption of services, or further attacks within the network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know