CVE-2025-34034
9.3
Critical
Published:
Last updated:
Source:disclosure@vulncheck.com
Modified
Weakness (CWE)
CVSS Vector
v4.0
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: None
- User Interaction: None
- Confidentiality (Vulnerable): High
- Integrity (Vulnerable): High
- Availability (Vulnerable): High
- Confidentiality (Subsequent): None
- Integrity (Subsequent): None
- Availability (Subsequent): None
Description
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.
References
disclosure@vulncheck.com
https://vulncheck.com/advisories/5vtechnologies-blue-angel-hardcoded-credentials
disclosure@vulncheck.com
https://www.exploit-db.com/exploits/46792
134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.exploit-db.com/exploits/46792