CVE-2025-53842

medium

Description

Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838.

References

https://zexelon.co.jp/pdf/jvn44419726.pdf

https://www.cve.org/CVERecord?id=CVE-2024-39838

https://jvn.jp/en/jp/JVN44419726/

Details

Source: Mitre, NVD

Published: 2025-07-16

Updated: 2025-07-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:A/AC:L/Au:M/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.5

Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

CVSS v4

Base Score: 6.8

Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00011