Description
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.
Published: 2025-06-24
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Administrative Access via Hardcoded Credentials
Action: Apply Patch
AI Analysis

Impact

The vulnerability allows an attacker to log in to an embedded device using predefined accounts that are hard-coded into the Blue Angel Software Suite. Once authenticated, the attacker gains administrative control over the web interface and can modify configuration, install additional software, or cause a denial of service. The result is a complete compromise of confidentiality and integrity, and it can ultimately affect device availability.

Affected Systems

All installations of the 5VTechnologies Blue Angel Software Suite running on embedded Linux that contain the hard-coded default accounts are affected. No specific product versions are listed, so any release with this weakness is potentially vulnerable.

Risk and Exploitability

The CVSS score of 9.3 indicates a severe risk. The EPSS score of <1% suggests a low probability of exploitation, but exploitation evidence was already observed by the Shadowserver Foundation on January 26, 2025. Attackers can exploit the flaw remotely through the web interface, likely over a network accessible to them. The risk remains high because the vulnerability provides full administrative privileges without prior authentication.

Generated by OpenCVE AI on April 28, 2026 at 01:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Contact 5VTechnologies to obtain an updated version that removes hard‑coded accounts.
  • Change all default or hard‑coded passwords on the device to unique, strong credentials as soon as possible.
  • Restrict access to the web interface by configuring firewall rules or access control lists to permit only trusted IP ranges or internal network segments.
  • Monitor system logs for repeated failed or successful login attempts and employ intrusion detection if available.

Advisories
Source: EUVD
ID: EUVD-2025-18968
Title: A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface.

History

Thu, 20 Nov 2025 21:30:00 +0000

Type: Description
Values Removed: A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-08-24 UTC.
Values Added: A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.

Mon, 17 Nov 2025 22:30:00 +0000

Type: Description
Values Removed: A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface.
Values Added: A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-08-24 UTC.

Wed, 09 Jul 2025 19:30:00 +0000

Type: First Time appeared
Values Added: 5vtechnologies; 5vtechnologies blue Angel Software Suite
Type: CPEs
Values Added: cpe:2.3:a:5vtechnologies:blue_angel_software_suite:*:*:*:*:*:*:*:*
Type: Vendors & Products
Values Added: 5vtechnologies; 5vtechnologies blue Angel Software Suite
Type: Metrics
Values Added: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Tue, 24 Jun 2025 22:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 24 Jun 2025 04:45:00 +0000


Tue, 24 Jun 2025 03:15:00 +0000


Tue, 24 Jun 2025 01:15:00 +0000

Type: Description
Values Added: A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface.
Type: Title
Values Added: 5VTechnologies Blue Angel Software Suite Hardcoded Credentials
Type: Weaknesses
Values Added: CWE-798
Type: References
Type: Metrics
Values Added: cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-07T14:09:09.400Z

Reserved: 2025-04-15T19:15:22.546Z

Link: CVE-2025-34034

Vulnrichment

Updated: 2025-06-24T21:55:14.372Z

NVD

Status: Modified

Published: 2025-06-24T01:15:24.630

Modified: 2025-11-20T22:15:56.047

Link: CVE-2025-34034

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T01:30:17Z

Weaknesses