Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Blue Angel Software Suite Hardcoded Credential Vulnerability on Embedded Linux
Vulnerability
The Blue Angel Software Suite, used on embedded Linux systems, contains hardcoded credentials that grant administrative access to the device's web interface. The application includes several default and hardcoded user accounts that are not publicly documented. These accounts allow unauthenticated or low-privilege attackers to access administrative features.
Impact
Exploitation of this vulnerability allows for unauthorized administrative access to the device's web interface.
Reproduction
The vulnerability can be reproduced by logging into the device using one of the hardcoded accounts. Once logged in, command execution can be performed through the web interface by exploiting the authenticated command execution vulnerability in the 'ping' command.
