Cyber Resilience

CVE-2025-67114

Critical

Published: 19 March 2026

Modified: 24 March 2026
KEV Added: not listed
Patch: available (upgrade to DG3934v3@2308041842 or later)
CVSS v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.0052 (39.9th percentile)
Risk Priority: 70 (floored blend, peak EPSS)

Summary

CVE-2025-67114 is a critical-severity Use of Weak Credentials (CWE-1391) vulnerability in the Sercomm SCE4255W small cell (FreedomFi Englewood) firmware. The vendor and product are inferred from the references and description, because NVD did not file a CPE for this CVE. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001); ranked at the 39.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-67114 involves the use of a deterministic credential generation algorithm in the /ftl/bin/calc_f2 component of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware versions before DG3934v3@2308041842. This vulnerability, tracked under CWE-1391, enables attackers to derive valid administrative and root credentials directly from the device's MAC address, bypassing standard authentication mechanisms.

Remote attackers can exploit this issue without privileges, user interaction or special access, as reflected in the CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Once an attacker has the device's MAC address, which is obtainable through network discovery (ARP and neighbour tables, Wi-Fi or Ethernet frames, the device label) or from public sources, the credentials can be computed offline and used to authenticate with full administrative and root access. Because the derivation takes no secret input, the MAC address effectively is the password.
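The following is an added example, not code from the original page or from the vendor. The actual algorithm in /ftl/bin/calc_f2 is not published here, so weak_derive() is a hypothetical stand-in that shares only the structural flaw: the credential is a pure function of the public MAC address with no secret input. The block shows the attacker side (recovery from a scanned MAC, and precomputation of every credential for a vendor OUI, since only 24 bits of the MAC vary), then two hardened alternatives with their caveats. Function names, the constructed MACs and the SHA-256 stand-in are all assumptions.

```python
import hashlib
import hmac
import re
import secrets
from typing import Dict

# Constructed example. weak_derive() is a HYPOTHETICAL stand-in for the unpublished
# calc_f2 algorithm; it shares only the flaw that password = f(MAC), no secret input.


def normalize_mac(mac: str) -> bytes:
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55, 0011.2233.4455 or 001122334455."""
    compact = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(compact) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(compact)


def weak_derive(mac: str) -> str:
    """Hypothetical deterministic derivation: the output depends on the MAC alone."""
    return hashlib.sha256(normalize_mac(mac)).hexdigest()[:12]


def attacker_recover(mac_from_scan: str) -> str:
    """The attacker runs the same public function on a MAC learned from ARP, Wi-Fi or a label."""
    return weak_derive(mac_from_scan)


def precompute_for_oui(oui: str, count: int) -> Dict[str, str]:
    """With a known vendor OUI only the low 24 bits vary, so every credential for that
    vendor can be tabulated in advance (2**24 entries); `count` bounds the demo."""
    prefix = normalize_mac(oui + ":00:00:00")[:3]
    table = {}
    for low in range(count):
        mac = prefix + low.to_bytes(3, "big")
        table[mac.hex(":")] = weak_derive(mac.hex())
    return table


# Hardened alternatives (general practice, not the vendor's actual fix).

def provision_random_credential(nbytes: int = 16) -> str:
    """Per-device credential drawn from the OS CSPRNG at provisioning, stored on the
    device only as a hash and printed on the label; no device attribute predicts it."""
    return secrets.token_urlsafe(nbytes)


def keyed_derive(mac: str, factory_secret: bytes) -> str:
    """Keyed derivation (HMAC) is only as strong as the secrecy of factory_secret: if
    the key ships inside the firmware image it can be extracted and the scheme
    collapses back to weak_derive(). Prefer provision_random_credential()."""
    return hmac.new(factory_secret, normalize_mac(mac), hashlib.sha256).hexdigest()[:24]


def is_mac_derived(candidate: str, mac: str) -> bool:
    """Audit helper: flag a credential equal to the unkeyed derivation for its MAC
    (meaningful only once the device's real algorithm is known and plugged in)."""
    return hmac.compare_digest(candidate, weak_derive(mac))
```

The precomputation function is the practical point: an attacker does not even need to learn a specific device's MAC first, because a vendor-wide table of 2^24 entries is cheap to build and store, and network discovery then serves only to pick the row.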

Firmware versions prior to DG3934v3@2308041842 are affected, with upgrading to DG3934v3@2308041842 or later serving as the primary mitigation. Additional details appear in the FCC report at https://fcc.report/FCC-ID/P27-SCE4255W/4790935.pdf, the FreedomFi website at https://freedomfi.com/index.html, and a NeroTeam blog post at https://neroteam.com/blog/freedomfi-sercomm-sce4255w-englewood.
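An added example (not from the page or the vendor) that turns the affected-version rule above into an inventory triage. It assumes the firmware string format TRAIN@BUILD seen in DG3934v3@2308041842 and that the numeric suffix after "@" orders builds; both are inferred from the single version string on this page, not from vendor documentation, and the inventory rows, hostnames and MACs are constructed.

```python
import csv
import io
import re
from typing import List, Tuple

# Constructed example. Firmware-string format and the ordering of the numeric
# build suffix are ASSUMPTIONS inferred from "DG3934v3@2308041842".

FIXED_FIRMWARE = "DG3934v3@2308041842"

_FW_RE = re.compile(r"^(?P<train>[A-Za-z0-9]+)@(?P<build>\d+)$")


def parse_firmware(version: str) -> Tuple[str, int]:
    """Split 'DG3934v3@2308041842' into ('DG3934v3', 2308041842)."""
    m = _FW_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    return m.group("train"), int(m.group("build"))


def is_affected(version: str, fixed: str = FIXED_FIRMWARE) -> bool:
    """True when the build is older than the fixed build on the same train."""
    train, build = parse_firmware(version)
    fixed_train, fixed_build = parse_firmware(fixed)
    if train != fixed_train:
        raise ValueError(f"{version!r} is not on train {fixed_train}; compare by hand")
    return build < fixed_build


# Constructed inventory; hostnames and MACs are made up.
SAMPLE_INVENTORY = """device,mac,firmware
sce4255w-01,00:11:22:aa:bb:01,DG3934v3@2307151200
sce4255w-02,00:11:22:aa:bb:02,DG3934v3@2308041842
sce4255w-03,00:11:22:aa:bb:03,DG3934v3@2309011030
"""


def triage(inventory_csv: str) -> List[dict]:
    """Return one row per device with an 'affected' flag and the action to take."""
    rows = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        affected = is_affected(rec["firmware"])
        rows.append({
            "device": rec["device"],
            "firmware": rec["firmware"],
            "affected": affected,
            # The page does not say whether the upgrade regenerates existing
            # credentials, so credentials an attacker may already have derived
            # are treated as compromised and rotated after the upgrade.
            "action": (f"upgrade to {FIXED_FIRMWARE} and rotate admin/root credentials"
                       if affected else "no action"),
        })
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(row)
```

Devices on a different firmware train raise rather than silently passing, because a numeric comparison across trains would be meaningless.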

Vulnerability details

Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling authentication bypass and full device access.

CWE(s)

CWE-1391 Use of Weak Credentials

Related Threats

MITRE ATT&CK Enterprise Techniques

T1078.001 Default Accounts
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

The vulnerability uses a deterministic algorithm to generate administrative and root credentials from the device's MAC address, directly enabling adversaries to use default accounts (T1078.001) for remote unauthorized access without privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-22910 (shared CWE-1391)
CVE-2026-22886 (shared CWE-1391)
CVE-2026-23853 (shared CWE-1391)
CVE-2025-2229 (shared CWE-1391)
CVE-2026-8076 (shared CWE-1391)
CVE-2024-43659 (shared CWE-1391)
CVE-2026-39920 (shared CWE-1391)
CVE-2024-52331 (shared CWE-1391)
CVE-2026-44351 (shared CWE-1391)

Affected Assets

Sercomm SCE4255W (FreedomFi Englewood) small cell, firmware before DG3934v3@2308041842
Inferred from the references and description; NVD did not file a CPE for this CVE.

Mitigating Controls (NIST 800-53 r5)

IA-5 Authenticator Management (prevent)
Mandates secure authenticator management with sufficient strength of mechanism and procedures to prevent predictable generation from device attributes such as the MAC address.

SI-2 Flaw Remediation (prevent)
Requires timely identification, reporting and remediation of flaws such as the deterministic credential algorithm, here via firmware upgrade to DG3934v3@2308041842 or later.

Baseline configuration (prevent)
Enforces secure baseline configuration settings to mitigate vulnerabilities arising from default or weak firmware credential mechanisms.

References

FCC report: https://fcc.report/FCC-ID/P27-SCE4255W/4790935.pdf
FreedomFi website: https://freedomfi.com/index.html
NeroTeam blog post: https://neroteam.com/blog/freedomfi-sercomm-sce4255w-englewood