CVE-2025-53842 MEDIUM

CVE-2025-53842

Vendor Zexelon Co., Ltd.
Product ZWX-2000CSW2-HN
Weakness CWE-798 · Hardcoded credentials
Published July 16, 2025
Last update July 18, 2025

CVSS base score

4.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838.

Key dates

02Disclosure timeline

July 16, 2025 CVE published
July 18, 2025 Record updated