CVE-2026-25715
The web management interface of the device allows the administrator
username and password to be set to blank values. Once applied, the
device permits authentication with empty credentials over the web
management interface and Telnet service. This effectively disables
authentication across all critical management channels, allowing any
network-adjacent attacker to gain full administrative control without
credentials.
username and password to be set to blank values. Once applied, the
device permits authentication with empty credentials over the web
management interface and Telnet service. This effectively disables
authentication across all critical management channels, allowing any
network-adjacent attacker to gain full administrative control without
credentials.
Vendor
-
Product
-
CWE
Yayın Tarihi
2026-02-20 17:25:53
Güncelleme
2026-02-20 18:57:15
Source Identifier
ics-cert@hq.dhs.gov
KEV Date Added
-