CVE-2025-2766
Published: 06 June 2025
Summary
CVE-2025-2766 is a high-severity Use of Default Password (CWE-1393) vulnerability in 70Mai A510 Firmware. Its CVSS base score is 8.8 (High).
Operationally, ranked at the 19.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-17353
Vulnerability details
70mai A510 Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of 70mai A510. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default configuration of…
more
user accounts. The configuration contains default password. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the root. Was ZDI-CAN-24996.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Changing default authenticators prior to first use prevents use of default passwords.
Requires authentication that meets guidelines, avoiding default passwords for cryptographic module access.
Threat awareness programs disseminate botnet and scanning activity tied to default passwords, driving organizations to change or enforce non-default credentials before mass exploitation occurs.