CVE-2025-26410

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 11, 2025
CWE ID 798

Summary

CVE-2025-26410 is a vulnerability affecting all Wattsense Bridge devices. The firmware uses the same hard-coded user and root credentials. These credentials can be recovered through password cracking, and the login shell exposed via the serial interface lets an attacker log in with them, granting unauthorized access to the device. The backdoor user has been removed in firmware BSP version 6.4.1. The vulnerability poses a significant risk, particularly for devices that have not been updated to the latest firmware version.
