Description
The 
iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the database.
Published: 2026-06-12
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in iRM-IEI Remote Management is a Hardcoded Credentials flaw that allows unauthenticated attackers to use preset credentials to access the device’s database with administrative rights. This direct privilege escalation could enable attackers to read, modify, or delete configuration data, and potentially further compromise the system. The weakness falls under CWE-798, indicating insecure handling of secrets within the software.

Affected Systems

IEI Integration Corp’s iRM-TSi410X product is affected. Specific vulnerable versions are not listed in the available information.

Risk and Exploitability

The CVSS score of 9.3 indicates a critical severity, and the EPSS score is not available, so no quantifiable exploitation probability can be provided. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a remote network-based interaction with the device’s management interface, where the hardcoded credentials can be exploited by unauthenticated users striving to gain administrative access.

Generated by OpenCVE AI on June 12, 2026 at 12:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s latest firmware patch that eliminates hard‑coded credentials, if one is available.
  • Change the default administrative passwords to strong, unique values and enforce a password policy on the device.
  • Restrict network access to the management interface by implementing firewall or IP filtering rules to allow only trusted administrators.

Generated by OpenCVE AI on June 12, 2026 at 12:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Iei Integration Corp
Iei Integration Corp irm-tsi410x
Vendors & Products Iei Integration Corp
Iei Integration Corp irm-tsi410x

Fri, 12 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 12 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Description The  iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the database.
Title IEI Integration Corp|iRM-IEI Remote Management - Hard-coded Credentials
Weaknesses CWE-798
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Iei Integration Corp Irm-tsi410x
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-06-12T12:15:33.491Z

Reserved: 2026-06-10T07:51:02.579Z

Link: CVE-2026-11849

cve-icon Vulnrichment

Updated: 2026-06-12T12:15:29.762Z

cve-icon NVD

Status : Deferred

Published: 2026-06-12T11:16:22.527

Modified: 2026-06-12T16:00:18.860

Link: CVE-2026-11849

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T20:20:41Z

Weaknesses
  • CWE-798

    Use of Hard-coded Credentials