All the vulnerabilities related to ZEXELON CO., LTD. - ZWX-2000CSW2-HN
jvndb-2025-000049
Vulnerability from jvndb
Published
2025-07-16 13:54
Modified
2025-07-16 13:54
Severity ?
Summary
ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials
Details
ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain the following vulnerability.
* Use of Hard-coded Credentials (CWE-798) - CVE-2025-53842
This vulnerability is caused by an insufficient fix for CVE-2024-39838 (JVN#70666401, https://jvn.jp/en/jp/JVN70666401/).
Hiroki Sato of Institute of Science Tokyo reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN70666401/ |
| JVN | https://jvn.jp/en/jp/JVN44419726/index.html |
| CVE | https://www.cve.org/CVERecord?id=CVE-2025-53842 |
| No Mapping(CWE-Other) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000049.html", "dc:date": "2025-07-16T13:54+09:00", "dcterms:issued": "2025-07-16T13:54+09:00", "dcterms:modified": "2025-07-16T13:54+09:00", "description": "ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain the following vulnerability.\r\n\r\n* Use of Hard-coded Credentials (CWE-798) - CVE-2025-53842\r\n\r\nThis vulnerability is caused by an insufficient fix for CVE-2024-39838 (\u003ca href=\"https://jvn.jp/en/jp/JVN70666401/\"target=\"blank\"\u003eJVN#70666401\u003c/a\u003e).\r\n\r\nHiroki Sato of Institute of Science Tokyo reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000049.html", "sec:cpe": [ { "#text": "cpe:/a:misc:zexelon_zwx-2000cs2-hn", "@product": "ZWX-2000CS2-HN", "@vendor": "ZEXELON CO., LTD.", "@version": "2.2" }, { "#text": "cpe:/a:misc:zexelon_zwx-2000cs2-hn", "@product": "ZWX-2000CS2-HN", "@vendor": "ZEXELON CO., LTD.", "@version": "2.2" }, { "#text": "cpe:/a:misc:zexelon_zwx-2000csw2-hn", "@product": "ZWX-2000CSW2-HN", "@vendor": "ZEXELON CO., LTD.", "@version": "2.2" }, { "#text": "cpe:/a:misc:zexelon_zwx-2000csw2-hn", "@product": "ZWX-2000CSW2-HN", "@vendor": "ZEXELON CO., LTD.", "@version": "2.2" }, { "#text": "cpe:/a:misc:zexelon_zwx-2000csw2-hn", "@product": "ZWX-2000CSW2-HN", "@vendor": "ZEXELON CO., LTD.", "@version": "2.2" } ], "sec:cvss": { "@score": "4.5", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "@version": "3.0" }, "sec:identifier": "JVNDB-2025-000049", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN70666401/", "@id": "JVN#70666401", "@source": "JVN" }, { "#text": "https://jvn.jp/en/jp/JVN44419726/index.html", "@id": "JVN#44419726", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2025-53842", "@id": "CVE-2025-53842", 
"@source": "CVE" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials" }
jvndb-2024-000084
Vulnerability from jvndb
Published
2024-08-05 13:46
Modified
2024-08-05 13:46
Severity ?
Summary
Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN
Details
ZWX-2000CSW2-HN provided by ZEXELON CO., LTD. is a high-speed coaxial modem with wireless LAN functions. ZWX-2000CSW2-HN contains multiple vulnerabilities listed below.
* Use of hard-coded credentials (CWE-798) - CVE-2024-39838
* Incorrect permission assignment for critical resource (CWE-732) - CVE-2024-41720
Hiroki Sato of Tokyo Institute of Technology reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| ZEXELON CO., LTD. | ZWX-2000CSW2-HN |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000084.html", "dc:date": "2024-08-05T13:46+09:00", "dcterms:issued": "2024-08-05T13:46+09:00", "dcterms:modified": "2024-08-05T13:46+09:00", "description": "ZWX-2000CSW2-HN provided by ZEXELON CO., LTD. is a high-speed coaxial modem with wireless LAN functions. ZWX-2000CSW2-HN contains multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\u003cli\u003eUse of hard-coded credentials (CWE-798) - CVE-2024-39838\u003c/li\u003e\r\n\u003cli\u003eIncorrect permission assignment for critical resource (CWE-732) - CVE-2024-41720\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nHiroki Sato of Tokyo Institute of Technology reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000084.html", "sec:cpe": { "#text": "cpe:/a:misc:zexelon_zwx-2000csw2-hn", "@product": "ZWX-2000CSW2-HN", "@vendor": "ZEXELON CO., LTD.", "@version": "2.2" }, "sec:cvss": { "@score": "8.0", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" }, "sec:identifier": "JVNDB-2024-000084", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN70666401/index.html", "@id": "JVN#70666401", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-39838", "@id": "CVE-2024-39838", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-41720", "@id": "CVE-2024-41720", "@source": "CVE" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN" }
cve-2025-53842
Vulnerability from cvelistv5
Published
2025-07-16 04:30
Modified
2025-07-18 14:47
Severity ?
4.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.8 (Medium) - CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS score ?
Summary
Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838.
References
Impacted products
| Vendor | Product |
|---|---|
| ZEXELON CO., LTD. | ZWX-2000CSW2-HN |
| ZEXELON CO., LTD. | ZWX-2000CS2-HN |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-53842", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-18T14:47:02.598589Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-18T14:47:09.380Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ZWX-2000CSW2-HN", "vendor": "ZEXELON CO., LTD.", "versions": [ { "status": "affected", "version": "prior to 0.3.19" } ] }, { "product": "ZWX-2000CS2-HN", "vendor": "ZEXELON CO., LTD.", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "descriptions": [ { "lang": "en", "value": "Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838." 
} ], "metrics": [ { "cvssV3_0": { "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] }, { "cvssV4_0": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-798", "description": "Use of hard-coded credentials", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-16T04:30:36.624Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://zexelon.co.jp/pdf/jvn44419726.pdf" }, { "url": "https://jvn.jp/en/jp/JVN44419726/" }, { "url": "https://www.cve.org/CVERecord?id=CVE-2024-39838" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2025-53842", "datePublished": "2025-07-16T04:30:36.624Z", "dateReserved": "2025-07-10T01:58:07.983Z", "dateUpdated": "2025-07-18T14:47:09.380Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39838
Vulnerability from cvelistv5
Published
2024-08-05 04:35
Modified
2025-03-25 16:20
Severity ?
EPSS score ?
Summary
ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 use hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device.
References
Impacted products
| Vendor | Product |
|---|---|
| ZEXELON CO., LTD. | ZWX-2000CSW2-HN |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39838", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-05T13:27:03.329516Z", "version": "2.0.3" }, "type": "ssvc" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-25T16:20:44.015Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ZWX-2000CSW2-HN", "vendor": "ZEXELON CO., LTD.", "versions": [ { "status": "affected", "version": "firmware versions prior to Ver.0.3.15" } ] } ], "descriptions": [ { "lang": "en", "value": "ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Use of Hard-coded Credentials", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-05T04:35:39.287Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.zexelon.co.jp/pdf/jvn70666401.pdf" }, { "url": "https://jvn.jp/en/jp/JVN70666401/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-39838", "datePublished": "2024-08-05T04:35:39.287Z", "dateReserved": "2024-07-26T05:46:45.774Z", "dateUpdated": "2025-03-25T16:20:44.015Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-41720
Vulnerability from cvelistv5
Published
2024-08-05 04:36
Modified
2025-03-17 15:02
Severity ?
EPSS score ?
Summary
Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device.
References
Impacted products
| Vendor | Product |
|---|---|
| ZEXELON CO., LTD. | ZWX-2000CSW2-HN |
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-41720", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-05T18:45:07.840217Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-17T15:02:35.181Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ZWX-2000CSW2-HN", "vendor": "ZEXELON CO., LTD.", "versions": [ { "status": "affected", "version": "firmware versions prior to Ver.0.3.15" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-05T04:36:17.042Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.zexelon.co.jp/pdf/jvn70666401.pdf" }, { "url": "https://jvn.jp/en/jp/JVN70666401/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-41720", "datePublished": "2024-08-05T04:36:17.042Z", "dateReserved": "2024-07-26T05:46:46.795Z", "dateUpdated": "2025-03-17T15:02:35.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }