CVE-2025-53842

MEDIUM

ZWX-2000CSW2-HN <0.3.19 - Info Disclosure

Title source: llm

Description

Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838.

References (3)

[Various Sources] https://www.cve.org/CVERecord?id=CVE-2024-39838

[Various Sources] https://zexelon.co.jp/pdf/jvn44419726.pdf

[Third Party Advisory] https://jvn.jp/en/jp/JVN44419726/

Scores

CVSS v3 4.5

EPSS 0.0002

EPSS Percentile 5.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-798

Status published

Products (2)

ZEXELON CO., LTD./ZWX-2000CS2-HN all versions

ZEXELON CO., LTD./ZWX-2000CSW2-HN prior to 0.3.19

Published Jul 16, 2025

Tracked Since Feb 18, 2026