Use of Hard-coded Password

CVE-2025-11126

High

8.9/10

Summary

A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The manipulation results in hard-coded credentials. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-259 - Use of Hard-coded Password

The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

References

Advisory Timeline

Published Sep 29, 2025

Use of Hard-coded Password

CVE-2025-11126

Summary

CWE-259 - Use of Hard-coded Password

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS