Published:2025/10/28 Last Updated:2025/10/28
JVN#00021602
MZK-DP300N uses hard-coded credentials
Overview
MZK-DP300N provided by PLANEX COMMUNICATIONS INC. uses hard-coded credentials.
Products Affected
- MZK-DP300N version 1.07 and earlier
Description
MZK-DP300N provided by PLANEX COMMUNICATIONS INC. contains the following vulnerability.
- Use of hard-coded credentials (CWE-798)
- CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.7
- CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.8
- CVE-2025-62777
Impact
An attacker within the local network could log in to the affected device via Telnet and execute arbitrary commands.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| PLANEX COMMUNICATIONS INC. | Vulnerable | 2025/10/28 | PLANEX COMMUNICATIONS INC. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Toshiki Iwasaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2025-62777 |
| JVN iPedia |
JVNDB-2025-000095 |