


Perceptive Security
SOC/SIEM Consultancy

An unauthenticated remote attacker can recover a default, hard-coded password from a firmware image and thus gain full access to all affected devices.
Published: 2 June 2026 at 22:00:00
Alert date: 3 June 2026 at 14:00:57
Source: nvd.nist.gov
Mobile & IoT, Network Infrastructure, Identity & Access
A critical vulnerability identified as CVE-2026-35075 allows unauthenticated remote attackers to recover default, hard-coded passwords from firmware images. This vulnerability enables attackers to gain full administrative access to all affected devices without any authentication. The flaw represents a significant security risk as it exposes devices to complete compromise through password extraction from firmware. The vulnerability affects multiple devices that contain the same hard-coded credentials in their firmware images. This type of vulnerability is particularly dangerous as it requires no user interaction and can be exploited remotely by anyone who can access the firmware.
This article was created with the assistance of AI technology by Perceptive.
