CVE-2025-34034

A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface.

CVSS

No CVSS.

References

Link	Resource
https://vulncheck.com/advisories/5vtechnologies-blue-angel-hardcoded-credentials
https://www.exploit-db.com/exploits/46792
https://www.exploit-db.com/exploits/46792

Configurations

No configuration.

History

26 Jun 2025, 18:58

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de credenciales codificada en Blue Angel Software Suite, implementada en sistemas Linux incorporados. La aplicación contiene varias cuentas de usuario predeterminadas y codificadas que no se divulgan en la documentación pública. Estas cuentas permiten a atacantes no autenticados o con pocos privilegios obtener acceso administrativo a la interfaz web del dispositivo.

24 Jun 2025, 22:15

Type	Values Removed	Values Added
References	~~() https://www.exploit-db.com/exploits/46792 -~~	() https://www.exploit-db.com/exploits/46792 -

24 Jun 2025, 03:15

Type	Values Removed	Values Added
References	~~{'url': 'https://vulncheck.com/advisories/blue-angel-software-suite-command-injection-default-credentials', 'source': 'disclosure@vulncheck.com'}~~	() https://vulncheck.com/advisories/5vtechnologies-blue-angel-hardcoded-credentials -

24 Jun 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-24 01:15

Updated : 2025-06-26 18:58

NVD link : CVE-2025-34034

Mitre link : CVE-2025-34034

CVE.ORG link : CVE-2025-34034

JSON object : View

Products Affected

No product.

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2025-34034", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-24T01:15:24.630", "references": [{"url": "https://vulncheck.com/advisories/5vtechnologies-blue-angel-hardcoded-credentials", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/46792", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/46792", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device\u2019s web interface."}, {"lang": "es", "value": "Existe una vulnerabilidad de credenciales codificada en Blue Angel Software Suite, implementada en sistemas Linux incorporados. La aplicaci\u00f3n contiene varias cuentas de usuario predeterminadas y codificadas que no se divulgan en la documentaci\u00f3n p\u00fablica. Estas cuentas permiten a atacantes no autenticados o con pocos privilegios obtener acceso administrativo a la interfaz web del dispositivo. "}], "lastModified": "2025-06-26T18:58:14.280", "sourceIdentifier": "disclosure@vulncheck.com"}