CVE-2026-11849
Deferred Deferred - Pending Action

Hard-Coded Credentials in iRM-IEI Remote Management

Vulnerability report for CVE-2026-11849, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: TWCERT/CC

Description

The  iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the database.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-12
Last Modified
2026-06-12
Generated
2026-07-02
AI Q&A
2026-06-12
EPSS Evaluated
2026-07-01
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
iei_integration_corp irm-iei_remote_management *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The iRM-IEI Remote Management software developed by IEI Integration Corp contains a Hardcoded Credentials vulnerability. This means that the software has embedded fixed usernames and passwords within its code. An unauthenticated remote attacker can exploit these hardcoded credentials to gain administrative access to the database.

Impact Analysis

This vulnerability allows attackers to remotely access the system without authentication by using the hardcoded credentials. Once inside, they can obtain administrative privileges on the database, potentially leading to unauthorized data access, data modification, or disruption of services.

Compliance Impact

The vulnerability in iRM-IEI Remote Management involves hardcoded credentials that allow unauthenticated remote attackers to gain administrative privileges on the database. This type of security flaw can lead to unauthorized access to sensitive data, which may impact compliance with data protection standards and regulations such as GDPR and HIPAA.

Specifically, unauthorized administrative access could result in exposure, alteration, or loss of personal or protected health information, which are critical concerns under these regulations. Therefore, organizations using the affected software might face compliance risks if the vulnerability is exploited.

Mitigating this vulnerability by updating the software or applying recommended security measures is essential to maintain compliance with such standards.

Mitigation Strategies

To mitigate the hardcoded credentials vulnerability in IEI Integration Corp's iRM-IEI Remote Management software, the recommended immediate step is to update the affected software to the latest version.

  • Update the iRM-IEI Remote Management software to version v1.4.19 or later.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11849. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart