JVN#44419726
ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials
Overview
ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain a use of hard-coded credentials vulnerability.
Products Affected
- ZWX-2000CSW2-HN firmware versions prior to 0.3.19
- ZWX-2000CS2-HN firmware all versions
Description
ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain the following vulnerability.
- Use of Hard-coded Credentials (CWE-798)
- CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 6.8
- CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Base Score 4.5
- CVE-2025-53842
Impact
An attacker may tamper with the settings of the device by obtaining the credentials.
Solution
ZWX-2000CSW2-HN
Update the firmware
Update the firmware to the latest version and check and change the settings according to the information provided by the developer.
ZWX-2000CS2-HN
Apply the workaround
Check and change the settings according to the information provided by the developer.
Vendor Status
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Hiroki Sato of Institute of Science Tokyo reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
JPCERT Alert |
|
JPCERT Reports |
|
CERT Advisory |
|
CPNI Advisory |
|
TRnotes |
|
CVE |
CVE-2025-53842 |
JVN iPedia |
JVNDB-2025-000049 |