Cyber Posture

CVE-2025-67114

Severity: Critical
Published: 19 March 2026
Modified: 24 March 2026
KEV Added: not listed
Patch: firmware upgrade to DG3934v3@2308041842 or later
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0034 (56.9th percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-67114 is a critical-severity Use of Weak Credentials (CWE-1391) vulnerability in Fcc (vendor name inferred from references; see Affected Products). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE is ranked in the top 43.1% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Default Accounts (T1078.001). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

IA-5 Authenticator Management (prevent)
Mandates secure authenticator management with sufficient strength of mechanism and procedures to prevent predictable generation from device attributes like the MAC address.

SI-2 Flaw Remediation (prevent)
Requires timely identification, reporting, and remediation of flaws such as the deterministic credential algorithm via firmware upgrades.

Baseline configuration settings (control identifier not given on this page) (prevent)
Enforces secure baseline configuration settings to mitigate vulnerabilities from default or weak firmware credential mechanisms.

MITRE ATT&CK Enterprise Techniques

T1078.001 Default Accounts (Stealth)
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

The vulnerability uses a deterministic algorithm to generate administrative and root credentials from the device's MAC address, directly enabling adversaries to use default accounts (T1078.001) for remote unauthorized access without privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling authentication bypass and full device access.

Deeper analysis

CVE-2025-67114 involves the use of a deterministic credential generation algorithm in the /ftl/bin/calc_f2 component of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware versions before DG3934v3@2308041842. This vulnerability, tracked under CWE-1391, enables attackers to derive valid administrative and root credentials directly from the device's MAC address, bypassing standard authentication mechanisms.

Remote attackers can exploit this issue with no required privileges, user interaction, or special access, as reflected in its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). By obtaining the device's MAC address—potentially through network discovery or public sources—attackers can locally compute the corresponding credentials and authenticate to gain full administrative and root access to the device.

Firmware versions prior to DG3934v3@2308041842 are affected, with upgrading to DG3934v3@2308041842 or later serving as the primary mitigation. Additional details appear in the FCC report at https://fcc.report/FCC-ID/P27-SCE4255W/4790935.pdf, the FreedomFi website at https://freedomfi.com/index.html, and a NeroTeam blog post at https://neroteam.com/blog/freedomfi-sercomm-sce4255w-englewood.

Details

CWE(s)
CWE-1391 (Use of Weak Credentials)

Affected Products
Fcc (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2026-22910 (shared CWE-1391)
CVE-2026-22886 (shared CWE-1391)
CVE-2026-23853 (shared CWE-1391)
CVE-2025-2229 (shared CWE-1391)
CVE-2024-43659 (shared CWE-1391)
CVE-2026-39920 (shared CWE-1391)
CVE-2026-44351 (shared CWE-1391)
CVE-2024-52331 (shared CWE-1391)

References

FCC report: https://fcc.report/FCC-ID/P27-SCE4255W/4790935.pdf
FreedomFi website: https://freedomfi.com/index.html
NeroTeam blog post: https://neroteam.com/blog/freedomfi-sercomm-sce4255w-englewood