216.73.217.176

CVE-2025-48413

· Published 21/05/2025 12:16 · Modified 21/05/2025 20:24

Labels: CVE-2025-48413 2025-05-21551230f0-3615-47bd-b7cc-93e92e730bbfCVE-2025-48413CWE-798

Essential information

Published
21/05/2025 12:16
Modified
21/05/2025 20:24
Author
Creator
CVSS
7.7 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS metrics

Description

The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system "root" user. The credentials are shipped with the update files. There is no option for deleting or changing their passwords for an enduser. An attacker can use the credentials to log into the device. Authentication can be performed via SSH backdoor or likely via physical access (UART shell).

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
551230f0-3615-47bd-b7cc-93e92e730bbf
NVD
View on NVD

Affected products (CPE)

ProductCPE
unix / unix cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*
linux / linux cpe:2.3:o:linux:linux:*:*:*:*:*:*:*:*

References