CVE-2025-2765

HIGH Year: 2025
CVSS v3 Score
7.6
High
Weakness Type
CWE-798
View all →

Vulnerability Description

CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the wireless hotspot. The issue results from the use of hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-24349.

Related Vulnerabilities

CVE-2024-11147

HIGH
CVSS:7.6(High)

ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root.

CWE-7982024

CVE-2024-55927

HIGH
CVSS:7.6(High)

A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading to unauthorized access...

CWE-7982024

CVE-2005-3716

HIGH
CVSS:7.5(High)

The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive ...

CWE-7982005

CVE-2005-3803

HIGH
CVSS:7.5(High)

Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information.

CWE-7982005

CVE-2010-2073

HIGH
CVSS:7.5(High)

auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP ser...

CWE-7982010

CVE-2013-1352

HIGH
CVSS:7.5(High)

Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive.

CWE-7982013