Authentication Bypass Vulnerability in 70mai A510 Products
CVE-2025-2766

8.8HIGH

Key Information:

Vendor: 70mai
Status: A510
Vendor: CVE Published:; 6 June 2025

What is CVE-2025-2766?

The 70mai A510 exhibits a significant flaw due to its default password configuration, allowing attackers with network access to bypass authentication protocols. This misconfiguration permits unauthorized users to access and control the device, granting them the potential to execute arbitrary code as the root user. With no requirement for authentication, the vulnerability poses a serious risk to systems that utilize the affected product, making it crucial for users to change default passwords and implement enhanced security measures.

Affected Version(s)

A510 v1.0.40ww.2024.04.19

References

https://www.zerodayinitiative.com/advisories/ZDI-25-180/

x_research-advisory

CVSS V3.0

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2025
Vulnerability Reserved
Mar 24, 2025