An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. They enable the SSH service by default with the credentials of root/admin. The GUI doesn't offer a way to disable the account.
https://github.com/actuator/cve/tree/main/Firstnum
https://github.com/actuator/cve/blob/main/Firstnum/CVE-2025-43980.txt