Default Credential Vulnerability in China Mobile Devices
CVE-2025-2398

8.6HIGH

Key Information:

Vendor

China Mobile

Status
P22g-ciac
Zxwt-mig-p4g4v
Zxwt-mig-p8g8v
Gt3200-4g4p
Vendor
CVE Published:
17 March 2025

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2025-2398?

A vulnerability exists in specific China Mobile devices involving the CLI su Command Handler, which could allow unauthorized access due to the use of default credentials. This issue affects several models, including P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P, and GT3200-8G8P, making it possible for attackers to exploit the devices remotely. The risk is heightened as the exploit has been publicly disclosed, yet the vendor has not responded to notifications regarding this critical security concern.

Affected Version(s)

GT3200-4G4P 20250305

GT3200-8G8P 20250305

P22g-CIac 20250305

References

https://vuldb.com/?id.299897
vdb-entry
https://vuldb.com/?ctiid.299897
signaturepermissions-required
https://github.com/Fizz-L/Vulnerability-report/blob/main/...
exploit

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.