Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for ZWX-2000CS2-HN by ZEXELON CO., LTD.

    CVE-2025-53842 (GCVE-0-2025-53842)

    Vulnerability from nvd – Published: 2025-07-16 04:30 – Updated: 2025-07-18 14:47
    VLAI
    Summary
    Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of hard-coded credentials
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53842",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-18T14:47:02.598589Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-18T14:47:09.380Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZWX-2000CSW2-HN",
              "vendor": "ZEXELON CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 0.3.19"
                }
              ]
            },
            {
              "product": "ZWX-2000CS2-HN",
              "vendor": "ZEXELON CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "Use of hard-coded credentials",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-16T04:30:36.624Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://zexelon.co.jp/pdf/jvn44419726.pdf"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN44419726/"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2024-39838"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-53842",
        "datePublished": "2025-07-16T04:30:36.624Z",
        "dateReserved": "2025-07-10T01:58:07.983Z",
        "dateUpdated": "2025-07-18T14:47:09.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2025-000049

    Vulnerability from jvndb - Published: 2025-07-16 13:54 - Updated:2025-07-16 13:54
    Severity
    Summary
    ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials
    Details
    ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain the following vulnerability. * Use of Hard-coded Credentials (CWE-798) - CVE-2025-53842 This vulnerability is caused by an insufficient fix for CVE-2024-39838 (JVN#70666401). Hiroki Sato of Institute of Science Tokyo reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000049.html",
      "dc:date": "2025-07-16T13:54+09:00",
      "dcterms:issued": "2025-07-16T13:54+09:00",
      "dcterms:modified": "2025-07-16T13:54+09:00",
      "description": "ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain the following vulnerability.\r\n\r\n* Use of Hard-coded Credentials (CWE-798) - CVE-2025-53842\r\n\r\nThis vulnerability is caused by an insufficient fix for CVE-2024-39838 (\u003ca href=\"https://jvn.jp/en/jp/JVN70666401/\"target=\"blank\"\u003eJVN#70666401\u003c/a\u003e).\r\n\r\nHiroki Sato of Institute of Science Tokyo reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000049.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:misc:zexelon_zwx-2000cs2-hn",
          "@product": "ZWX-2000CS2-HN",
          "@vendor": "ZEXELON CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:zexelon_zwx-2000cs2-hn",
          "@product": "ZWX-2000CS2-HN",
          "@vendor": "ZEXELON CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:zexelon_zwx-2000csw2-hn",
          "@product": "ZWX-2000CSW2-HN",
          "@vendor": "ZEXELON CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:zexelon_zwx-2000csw2-hn",
          "@product": "ZWX-2000CSW2-HN",
          "@vendor": "ZEXELON CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:zexelon_zwx-2000csw2-hn",
          "@product": "ZWX-2000CSW2-HN",
          "@vendor": "ZEXELON CO., LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.5",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000049",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN70666401/",
          "@id": "JVN#70666401",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/jp/JVN44419726/index.html",
          "@id": "JVN#44419726",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-53842",
          "@id": "CVE-2025-53842",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials"
    }

    CVE-2025-53842 (GCVE-0-2025-53842)

    Vulnerability from cvelistv5 – Published: 2025-07-16 04:30 – Updated: 2025-07-18 14:47
    VLAI
    Summary
    Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of hard-coded credentials
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53842",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-18T14:47:02.598589Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-18T14:47:09.380Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZWX-2000CSW2-HN",
              "vendor": "ZEXELON CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 0.3.19"
                }
              ]
            },
            {
              "product": "ZWX-2000CS2-HN",
              "vendor": "ZEXELON CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "Use of hard-coded credentials",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-16T04:30:36.624Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://zexelon.co.jp/pdf/jvn44419726.pdf"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN44419726/"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2024-39838"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-53842",
        "datePublished": "2025-07-16T04:30:36.624Z",
        "dateReserved": "2025-07-10T01:58:07.983Z",
        "dateUpdated": "2025-07-18T14:47:09.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }