Cyber Resilience

CVE-2025-2766

High

Published: 06 June 2025

Modified: 18 August 2025
KEV Added:
Patch:
CVSS Score v3: 8.8 (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0006 (19.2th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-2766 is a high-severity Use of Default Password (CWE-1393) vulnerability in 70mai A510 firmware. Its CVSS base score is 8.8 (High).

Operationally, it ranks at the 19.2th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

70mai A510 Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of 70mai A510. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default configuration of user accounts. The configuration contains a default password. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of root. Was ZDI-CAN-24996.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

70mai a510 firmware, version 1.0.40ww.2024.04.19

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-1393

Changing default authenticators prior to first use prevents use of default passwords.

addresses: CWE-1393

Requires authentication that meets guidelines, avoiding default passwords for cryptographic module access.

addresses: CWE-1393

Threat awareness programs disseminate botnet and scanning activity tied to default passwords, driving organizations to change or enforce non-default credentials before mass exploitation occurs.
