CRITICAL🇵🇱 Wersja polska

CVE-2025-55051

CVSS 10.0v3.1pub. 2025-09-09upd. 2026-04-15

CWE-1392: Use of Default Credentials

🤖 AI Analysis
How it works

The device or software has built-in, factory-set authentication data (e.g., default username and password) that have not been changed or cannot be changed by the user. An attacker, knowing or guessing these default credentials, can authenticate without any prior authorization over the network. The network attack vector (AV:N), absence of required user interaction (UI:N), and absence of required privileges (PR:N) mean that the exploit can be conducted remotely and fully automatically.

Impact

An attacker gains full access to the system with the ability to read and modify data as well as disrupt its operation, and the scope of the breach extends beyond the originally attacked component (S:C — scope change).

Mitigation & patch

Apply patches available from the manufacturer in accordance with the references. As an immediate remedial action, change all default credentials to unique and strong passwords, isolate vulnerable systems from the public network, and restrict access exclusively to trusted IP addresses.

Who is affected

Versions indicated in the manufacturer's references — detailed information available at the Israeli government website (gov.il) reference address

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References