CVE-2025-34034

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-34034

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

A

hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.

References
Link Resource
https://vulncheck.com/advisories/5vtechnologies-blue-angel-hardcoded-credentials Third Party Advisory
https://www.exploit-db.com/exploits/46792 Exploit Third Party Advisory
https://www.exploit-db.com/exploits/46792 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:5vtechnologies:blue_angel_software_suite:*:*:*:*:*:*:*:*
History

20 Nov 2025, 22:15

Type Values Removed Values Added
Summary (en) A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-08-24 UTC. (en) A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.

17 Nov 2025, 23:15

Type Values Removed Values Added
Summary (en) A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. (en) A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-08-24 UTC.

09 Jul 2025, 19:09

Type Values Removed Values Added
First Time 5vtechnologies
5vtechnologies blue Angel Software Suite
References () https://vulncheck.com/advisories/5vtechnologies-blue-angel-hardcoded-credentials - () https://vulncheck.com/advisories/5vtechnologies-blue-angel-hardcoded-credentials - Third Party Advisory
References () https://www.exploit-db.com/exploits/46792 - () https://www.exploit-db.com/exploits/46792 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:5vtechnologies:blue_angel_software_suite:*:*:*:*:*:*:*:*

26 Jun 2025, 18:58

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de credenciales codificada en Blue Angel Software Suite, implementada en sistemas Linux incorporados. La aplicación contiene varias cuentas de usuario predeterminadas y codificadas que no se divulgan en la documentación pública. Estas cuentas permiten a atacantes no autenticados o con pocos privilegios obtener acceso administrativo a la interfaz web del dispositivo.

24 Jun 2025, 22:15

Type Values Removed Values Added
References () https://www.exploit-db.com/exploits/46792 - () https://www.exploit-db.com/exploits/46792 -

24 Jun 2025, 03:15

Type Values Removed Values Added
References
  • {'url': 'https://vulncheck.com/advisories/blue-angel-software-suite-command-injection-default-credentials', 'source': '[email protected]'}
  • () https://vulncheck.com/advisories/5vtechnologies-blue-angel-hardcoded-credentials -

24 Jun 2025, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-24 01:15

Updated : 2025-11-20 22:15

NVD link : CVE-2025-34034

Mitre link : CVE-2025-34034

CVE.ORG link : CVE-2025-34034

JSON object : View

Products Affected

5vtechnologies

CWE
CWE-798

Use of Hard-coded Credentials