Description
Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local user accounts, including accounts with administrative privileges, were found to have fixed, embedded passwords. An attacker with network access to exposed services such as SSH may authenticate using these credentials and gain unauthorized access to the system. Successful exploitation allows remote access with elevated privileges and may result in full system compromise.
Published: 2026-02-17
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The RBG‑100 recycler system incorporates hard‑coded operating system credentials within its ISPK‑08 component. These embedded passwords enable an attacker with network access to authenticate to the underlying Linux system, even though no valid login session would ordinarily be possible. Because many of the embedded accounts hold administrative privileges, successful authentication leads to elevated access and ultimately full system compromise. This weakness is a classic instance of insecure credential storage, classified under CWE‑798.

Affected Systems

Glory Global Solutions RBG‑100 recycler systems that use the ISPK‑08 software component are impacted. Multiple local user accounts, including those with administrative rights, contain fixed, embedded passwords.

Risk and Exploitability

The vulnerability carries a CVSS score of 9.3, indicating a high severity for remote privilege escalation. The EPSS score is lower than 1%, suggesting that current exploitation attempts appear uncommon, yet the possibility remains. It is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is through exposed network services such as SSH, where an attacker can supply the hard‑coded credentials to gain unauthenticated remote access and then elevate privileges.

Generated by OpenCVE AI on April 18, 2026 at 12:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor firmware or software update that removes hard‑coded credentials from the RBG‑100 system.
  • Immediately change or disable any default user accounts that contain embedded passwords to prevent unauthorized logins.
  • Restrict network exposure of services like SSH by placing the systems behind firewalls, limiting access to trusted IP ranges, and, if possible, enforcing multi‑factor authentication for remote management.

Generated by OpenCVE AI on April 18, 2026 at 12:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 18 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Glory Global Solutions
Glory Global Solutions rbg-100
Vendors & Products Glory Global Solutions
Glory Global Solutions rbg-100

Tue, 17 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Tue, 17 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 17 Feb 2026 17:00:00 +0000

Type Values Removed Values Added
Description Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local user accounts, including accounts with administrative privileges, were found to have fixed, embedded passwords. An attacker with network access to exposed services such as SSH may authenticate using these credentials and gain unauthorized access to the system. Successful exploitation allows remote access with elevated privileges and may result in full system compromise.
Title Glory RBG-100 Recycler System Hard-coded OS Credentials
Weaknesses CWE-798
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Glory Global Solutions Rbg-100
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-02-18T15:33:38.469Z

Reserved: 2026-01-14T16:55:09.103Z

Link: CVE-2026-23647

cve-icon Vulnrichment

Updated: 2026-02-17T18:36:21.386Z

cve-icon NVD

Status : Deferred

Published: 2026-02-17T17:21:05.040

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-23647

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T12:15:15Z

Weaknesses