CVE-2025-53842 | THREATINT

Description

Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838.

PUBLISHED Reserved 2025-07-10 | Published 2025-07-16 | Updated 2025-07-18 | Assigner jpcert

MEDIUM: 4.5CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

MEDIUM: 6.8CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

Use of hard-coded credentials

Product status

prior to 0.3.19

affected

all versions

affected

References

zexelon.co.jp/pdf/jvn44419726.pdf

jvn.jp/en/jp/JVN44419726/

www.cve.org/CVERecord?id=CVE-2024-39838

cve.org (CVE-2025-53842)

nvd.nist.gov (CVE-2025-53842)

Download JSON