QSearchQSearch

CVE-2026-7251

9.8 CRITICAL

Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password

Published: 2026-05-26 · Last updated: 2026-06-04

Severity and scoring

CVSS
9.8 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-259

Description

Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have full access to all control panel features for the BioFlo 320. VNC traffic is not encrypted.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-11552 A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management ... (5.3 MEDIUM)
  • CVE-2026-11515 A vulnerability has been found in SourceCodester Barangay Resident Profiling and Information Management System 1.0 (5.3 MEDIUM)
  • CVE-2026-35905 T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root acce... (9.8 CRITICAL)
  • CVE-2026-22055 Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perf...
  • CVE-2026-22054 Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to ...