CWE-1392: Use of Default Credentials
The device or software has built-in, factory-set authentication data (e.g., default username and password) that have not been changed or cannot be changed by the user. An attacker, knowing or guessing these default credentials, can authenticate without any prior authorization over the network. The network attack vector (AV:N), absence of required user interaction (UI:N), and absence of required privileges (PR:N) mean that the exploit can be conducted remotely and fully automatically.
An attacker gains full access to the system with the ability to read and modify data as well as disrupt its operation, and the scope of the breach extends beyond the originally attacked component (S:C — scope change).
Apply patches available from the manufacturer in accordance with the references. As an immediate remedial action, change all default credentials to unique and strong passwords, isolate vulnerable systems from the public network, and restrict access exclusively to trusted IP addresses.
Versions indicated in the manufacturer's references — detailed information available at the Israeli government website (gov.il) reference address
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H