CVE-2025-71317

9.8 CRITICAL

NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access

Published: 2026-06-05 · Last updated: 2026-06-05

Severity and scoring

CVSS: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-798

Description

NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint (for example /cgi-bin/login.cgi?username=eurek&password=eurek, which due to lax parameter validation can be shortened to /cgi-bin/login.cgi?username=eurek%20eurek) to obtain administrator privileges, allowing them to alter device configuration, enable the telnet/SSH services, and reset local user credentials.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-47281 — Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network (9.6 CRITICAL)
CVE-2026-11414 — A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service
CVE-2026-21404 — NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation (6.3 MEDIUM)
CVE-2026-50213 — The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predi... (7.5 HIGH)
CVE-2026-49204 — Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation (6.5 MEDIUM)