CVE Catalog

CVE-2026-35075

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.47%

37th percentile — higher than 37% of all known CVEs

Summary

An unauthenticated remote attacker can recover a default, hard-coded password from a firmware image, gaining full access to all affected devices.

Risk Assessment

The risk is that an attacker can gain full control over devices without authentication, potentially compromising confidentiality, integrity, and availability of systems.

Recommendation

Immediately update the firmware to a version that removes the hard-coded password and change default passwords on all devices.

Original NVD description (English source)

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS