Hard-Coded Credentials Vulnerability in ZWX-2000CSW2-HN and ZWX-2000CS2-HN Devices
CVE-2025-53842
6.8 MEDIUM
What is CVE-2025-53842?
A hard-coded credentials vulnerability exists in ZWX-2000CSW2-HN firmware prior to version 0.3.19 and in all versions of the ZWX-2000CS2-HN firmware. An attacker who uses the hard-coded credentials can gain unauthorized access to device settings. The vulnerability stems from an insufficient remediation of a previous issue identified in another CVE. Organizations using these devices are advised to take action to mitigate the risks associated with this issue.
Affected Version(s)
ZWX-2000CS2-HN all versions
ZWX-2000CSW2-HN prior to 0.3.19
References
CVSS V4
Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None
CVSS V3.0
Score: 4.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved