- Description
- CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the wireless hotspot. The issue results from the use of hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-24349.
- Source
- zdi-disclosures@trendmicro.com
- NVD status
- Awaiting Analysis
CVSS 3.0
- Type
- Secondary
- Base score
- 7.6
- Impact score
- 4.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
- Severity
- HIGH
- zdi-disclosures@trendmicro.com
- CWE-798
- Hype score
- Not currently trending
🚨 CVE-2025-2765 🔴 HIGH (7.6) 🏢 CarlinKit - CPC200-CCPA 🏗️ 2024.01.19.1541 🔗 https://t.co/me6OgkX7bO #CyberCron #VulnAlert #InfoSec https://t.co/C9cnXYtN6w
@cybercronai
25 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2765 CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authen… https://t.co/F5k93aBY0s
@CVEnew
23 Apr 2025
238 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes