CVE-2024-28146

CVE-2024-28146: Hardcoded credentials

Vendor Image Access Gmbh
Product Scan2Net
Weakness CWE-798 · Hardcoded credentials
Published December 12, 2024
Last update November 3, 2025

CVSS base score

What the vulnerability does

01Description

The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device.

Key dates

02Disclosure timeline

December 12, 2024 CVE published
November 3, 2025 Record updated