All the vulnerabilities related to ZEXELON CO., LTD. - ZWX-2000CS2-HN
jvndb-2025-000049
Vulnerability from jvndb
Published
2025-07-16 13:54
Modified
2025-07-16 13:54
Summary
ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials
Details
ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain the following vulnerability:
* Use of Hard-coded Credentials (CWE-798) - CVE-2025-53842
This vulnerability is caused by an insufficient fix for CVE-2024-39838 (JVN#70666401, https://jvn.jp/en/jp/JVN70666401/).
Hiroki Sato of Institute of Science Tokyo reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000049.html",
  "dc:date": "2025-07-16T13:54+09:00",
  "dcterms:issued": "2025-07-16T13:54+09:00",
  "dcterms:modified": "2025-07-16T13:54+09:00",
  "description": "ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain the following vulnerability.\r\n\r\n* Use of Hard-coded Credentials (CWE-798) - CVE-2025-53842\r\n\r\nThis vulnerability is caused by an insufficient fix for CVE-2024-39838 (\u003ca href=\"https://jvn.jp/en/jp/JVN70666401/\"target=\"blank\"\u003eJVN#70666401\u003c/a\u003e).\r\n\r\nHiroki Sato of Institute of Science Tokyo reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000049.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:misc:zexelon_zwx-2000cs2-hn",
      "@product": "ZWX-2000CS2-HN",
      "@vendor": "ZEXELON CO., LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:zexelon_zwx-2000cs2-hn",
      "@product": "ZWX-2000CS2-HN",
      "@vendor": "ZEXELON CO., LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:zexelon_zwx-2000csw2-hn",
      "@product": "ZWX-2000CSW2-HN",
      "@vendor": "ZEXELON CO., LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:zexelon_zwx-2000csw2-hn",
      "@product": "ZWX-2000CSW2-HN",
      "@vendor": "ZEXELON CO., LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:zexelon_zwx-2000csw2-hn",
      "@product": "ZWX-2000CSW2-HN",
      "@vendor": "ZEXELON CO., LTD.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.5",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-000049",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN70666401/",
      "@id": "JVN#70666401",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/jp/JVN44419726/index.html",
      "@id": "JVN#44419726",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-53842",
      "@id": "CVE-2025-53842",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials"
}

cve-2025-53842
Vulnerability from cvelistv5
Published
2025-07-16 04:30
Modified
2025-07-18 14:47
Summary
Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838.


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53842",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-18T14:47:02.598589Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-18T14:47:09.380Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ZWX-2000CSW2-HN",
          "vendor": "ZEXELON CO., LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 0.3.19"
            }
          ]
        },
        {
          "product": "ZWX-2000CS2-HN",
          "vendor": "ZEXELON CO., LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "Use of hard-coded credentials",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-16T04:30:36.624Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://zexelon.co.jp/pdf/jvn44419726.pdf"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN44419726/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-39838"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-53842",
    "datePublished": "2025-07-16T04:30:36.624Z",
    "dateReserved": "2025-07-10T01:58:07.983Z",
    "dateUpdated": "2025-07-18T14:47:09.380Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}