Use of default credentials in 70mai A510

Published: 2025-03-26

Risk	Medium
Patch available	NO
Number of vulnerabilities	1
CVE-ID	CVE-2025-2766
CWE-ID	CWE-1392
Exploitation vector	Local network
Public exploit	N/A
Vulnerable software	A510 Hardware solutions / Security hardware applicances
Vendor	70mai

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Use of default credentials

EUVDB-ID: #VU106036

Risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-2766

CWE-ID: CWE-1392 - Use of Default Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to the configuration contains default password. A remote attacker on the local network can bypass authentication and execute arbitrary code on the system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

A510: All versions

CPE2.3

cpe:2.3:h:70mai:a510:*:*:*:*:*:*:*:*

External links

https://www.zerodayinitiative.com/advisories/ZDI-25-180/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.