A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface.
History

Wed, 09 Jul 2025 19:30:00 +0000

Type Values Removed Values Added
First Time appeared 5vtechnologies
5vtechnologies blue Angel Software Suite
CPEs cpe:2.3:a:5vtechnologies:blue_angel_software_suite:*:*:*:*:*:*:*:*
Vendors & Products 5vtechnologies
5vtechnologies blue Angel Software Suite
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Tue, 24 Jun 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 24 Jun 2025 04:45:00 +0000


Tue, 24 Jun 2025 03:15:00 +0000


Tue, 24 Jun 2025 01:15:00 +0000

Type Values Removed Values Added
Description A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface.
Title 5VTechnologies Blue Angel Software Suite Hardcoded Credentials
Weaknesses CWE-798
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-06-24T00:59:58.229Z

Updated: 2025-06-24T21:55:20.379Z

Reserved: 2025-04-15T19:15:22.546Z

Link: CVE-2025-34034

cve-icon Vulnrichment

Updated: 2025-06-24T21:55:14.372Z

cve-icon NVD

Status : Analyzed

Published: 2025-06-24T01:15:24.630

Modified: 2025-07-09T19:09:03.653

Link: CVE-2025-34034

cve-icon Redhat

No data.