Search
Find a vulnerability
Search criteria
3 vulnerabilities found for ZWX-2000CS2-HN by ZEXELON CO., LTD.
CVE-2025-53842 (GCVE-0-2025-53842)
Vulnerability from nvd – Published: 2025-07-16 04:30 – Updated: 2025-07-18 14:47
VLAI
Summary
Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838.
Severity
4.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of hard-coded credentials
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ZEXELON CO., LTD. | ZWX-2000CSW2-HN |
Affected:
prior to 0.3.19
|
|
| ZEXELON CO., LTD. | ZWX-2000CS2-HN |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53842",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-18T14:47:02.598589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-18T14:47:09.380Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ZWX-2000CSW2-HN",
"vendor": "ZEXELON CO., LTD.",
"versions": [
{
"status": "affected",
"version": "prior to 0.3.19"
}
]
},
{
"product": "ZWX-2000CS2-HN",
"vendor": "ZEXELON CO., LTD.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Use of hard-coded credentials",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T04:30:36.624Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://zexelon.co.jp/pdf/jvn44419726.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN44419726/"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39838"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53842",
"datePublished": "2025-07-16T04:30:36.624Z",
"dateReserved": "2025-07-10T01:58:07.983Z",
"dateUpdated": "2025-07-18T14:47:09.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2025-000049
Vulnerability from jvndb - Published: 2025-07-16 13:54 - Updated:2025-07-16 13:54
Severity
Summary
ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials
Details
ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain the following vulnerability.
* Use of Hard-coded Credentials (CWE-798) - CVE-2025-53842
This vulnerability is caused by an insufficient fix for CVE-2024-39838 (JVN#70666401).
Hiroki Sato of Institute of Science Tokyo reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000049.html",
"dc:date": "2025-07-16T13:54+09:00",
"dcterms:issued": "2025-07-16T13:54+09:00",
"dcterms:modified": "2025-07-16T13:54+09:00",
"description": "ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain the following vulnerability.\r\n\r\n* Use of Hard-coded Credentials (CWE-798) - CVE-2025-53842\r\n\r\nThis vulnerability is caused by an insufficient fix for CVE-2024-39838 (\u003ca href=\"https://jvn.jp/en/jp/JVN70666401/\"target=\"blank\"\u003eJVN#70666401\u003c/a\u003e).\r\n\r\nHiroki Sato of Institute of Science Tokyo reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000049.html",
"sec:cpe": [
{
"#text": "cpe:/a:misc:zexelon_zwx-2000cs2-hn",
"@product": "ZWX-2000CS2-HN",
"@vendor": "ZEXELON CO., LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:zexelon_zwx-2000cs2-hn",
"@product": "ZWX-2000CS2-HN",
"@vendor": "ZEXELON CO., LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:zexelon_zwx-2000csw2-hn",
"@product": "ZWX-2000CSW2-HN",
"@vendor": "ZEXELON CO., LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:zexelon_zwx-2000csw2-hn",
"@product": "ZWX-2000CSW2-HN",
"@vendor": "ZEXELON CO., LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:zexelon_zwx-2000csw2-hn",
"@product": "ZWX-2000CSW2-HN",
"@vendor": "ZEXELON CO., LTD.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000049",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN70666401/",
"@id": "JVN#70666401",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/jp/JVN44419726/index.html",
"@id": "JVN#44419726",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-53842",
"@id": "CVE-2025-53842",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials"
}
CVE-2025-53842 (GCVE-0-2025-53842)
Vulnerability from cvelistv5 – Published: 2025-07-16 04:30 – Updated: 2025-07-18 14:47
VLAI
Summary
Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838.
Severity
4.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of hard-coded credentials
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ZEXELON CO., LTD. | ZWX-2000CSW2-HN |
Affected:
prior to 0.3.19
|
|
| ZEXELON CO., LTD. | ZWX-2000CS2-HN |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53842",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-18T14:47:02.598589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-18T14:47:09.380Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ZWX-2000CSW2-HN",
"vendor": "ZEXELON CO., LTD.",
"versions": [
{
"status": "affected",
"version": "prior to 0.3.19"
}
]
},
{
"product": "ZWX-2000CS2-HN",
"vendor": "ZEXELON CO., LTD.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Use of hard-coded credentials",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T04:30:36.624Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://zexelon.co.jp/pdf/jvn44419726.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN44419726/"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39838"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53842",
"datePublished": "2025-07-16T04:30:36.624Z",
"dateReserved": "2025-07-10T01:58:07.983Z",
"dateUpdated": "2025-07-18T14:47:09.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}