ZEXELON ZWX-2000CS Series Hard-Coded Credentials Vulnerability

Vulnerability

A vulnerability exists in ZEXELON ZWX-2000CSW2-HN firmware versions prior to 0.3.19 and in all versions of the ZWX-2000CS2-HN firmware. The firmware uses hard-coded credentials, which, if exploited, could allow an attacker to manipulate the device's settings. The issue stems from an inadequate fix for a previous vulnerability, CVE-2024-39838.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in the device's configuration.

Remediation

Users of the ZWX-2000CSW2-HN model should update the firmware to version 0.3.19 or later and consult the latest Wi-Fi settings manual and the coaxial login password/IP address change instructions available from the developer. For ZWX-2000CS2-HN users, it is recommended to check and modify the settings according to the developer's guidance. If difficulties arise in changing the settings, contact ZEXELON support.

Added: Jul 16, 2025, 5:18 AM
Updated: Jul 16, 2025, 5:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 5.0
exploitability: 3.0
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.