
Description

A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.

PUBLISHED Reserved 2025-04-15 | Published 2025-06-24 | Updated 2025-11-29 | Assigner VulnCheck




CRITICAL: 9.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-798 Use of Hard-coded Credentials

Product status

Default status
unaffected

Any version
affected

Credits

Paolo Serracino finder

Pietro Minniti finder

Damiano Proietti finder

References

www.exploit-db.com/exploits/46792 exploit

www.exploit-db.com/exploits/46792 third-party-advisory exploit

vulncheck.com/...chnologies-blue-angel-hardcoded-credentials third-party-advisory

cve.org (CVE-2025-34034)

nvd.nist.gov (CVE-2025-34034)
