An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.

A critical vulnerability identified as CVE-2026-35075 allows unauthenticated remote attackers to recover default, hard-coded passwords from firmware images. This vulnerability enables attackers to gain full administrative access to all affected devices without any authentication. The flaw represents a significant security risk as it exposes devices to complete compromise through password extraction from firmware. The vulnerability affects multiple devices that contain the same hard-coded credentials in their firmware images. This type of vulnerability is particularly dangerous as it requires no user interaction and can be exploited remotely by anyone who can access the firmware.