CVE-2025-53842

MEDIUM

ZWX-2000CSW2-HN <0.3.19 - Info Disclosure

Title source: llm

Description

Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838.

References (3)

[Third Party Advisory] https://jvn.jp/en/jp/JVN44419726/

[Various Sources] https://www.cve.org/CVERecord?id=CVE-2024-39838

[Various Sources] https://zexelon.co.jp/pdf/jvn44419726.pdf

Scores

CVSS v3 4.5

EPSS 0.0001

EPSS Percentile 2.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-798

Status draft

Timeline

Published Jul 16, 2025

Tracked Since Feb 18, 2026