CVE-2018-14528

CRITICAL

Invoxia NVX220 Firmware - Use of Hard-coded Credentials

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-14528. PoCs published by r3dlight.

AI-analyzed exploit summary The repository contains only a README with a brief description and an image reference, lacking any functional exploit code or technical details. It mentions default telnet credentials but provides no actionable exploit or proof-of-concept.

Description

Invoxia NVX220 devices allow TELNET access as admin with a default password.

Exploits (1)

gitlab STUB

by r3dlight · poc

https://gitlab.com/r3dlight/CVE-2018-14528

View Code ZIP pw:eip

The repository contains only a README with a brief description and an image reference, lacking any functional exploit code or technical details. It mentions default telnet credentials but provides no actionable exploit or proof-of-concept.

Classification

Stub 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Theoretical

Target: unknown (likely embedded device with telnet interface)

No auth needed

Prerequisites: telnet access to target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://gitlab.com/r3dlight/CVE-2018-14528

Scores

CVSS v3 9.8

EPSS 0.0196

EPSS Percentile 77.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (1)

invoxia/nvx220_firmware

Published Jul 05, 2019

Tracked Since Feb 18, 2026