The vulnerability arises from a hard‑coded AES‑256‑CBC key embedded in the configuration backup/restore routines of the Sercomm SCE4255W (FreedomFi Englewood). An authenticated user can export a configuration file, have the device decrypt it using the internal key, modify user credentials, re‑encrypt the file, and import it back. This manipulation permits an attacker to replace existing administrative credentials or create new privileged accounts, effectively elevating privileges on the device. The weakness corresponds to CWE‑321, the use of non‑random keys.

Affected devices are the Sercomm SCE4255W (FreedomFi Englewood) small‑cell radios running firmware versions earlier than DG3934v3@2308041842. The known references point to the 2025 firmware build, suggesting that any device firmware deployed before this build inherits the hard‑coded key. Network administrators should verify the firmware release on each unit and mark those running older builds as vulnerable.

The CVSS score of 9.8 indicates a maximum severity, yet the EPSS score is below 1 %, and the weakness is not listed in the CISA KEV catalog. The attack requires remote authenticated access and interaction with the GUI import/export functions; an attacker who gains credentials can carry out the exploit without additional code execution. Given the high impact and the ease of manipulating configuration data, systems operators should treat this as an imminent threat and address it immediately.