CVE-2020-12732

Vulnerability

The DEPSTECH WiFi Digital Microscope 3 (model identified as the WiFi Digital Microscope 3) has a default SSID of Jetion_xxxxxxxx and a default password of 12345678. This configuration is set at the factory and is not changed during initial setup. Affected versions include all devices with this default credential set, as described in the advisory [1].

Exploitation

An attacker within Wi-Fi range can scan for visible networks, identify the SSID pattern Jetion_xxxxxxxx, and use the known password 12345678 to connect to the microscope's wireless access point. No authentication bypass or additional steps are required; the default credentials are static and documented [1].

Impact

A successful attacker gains full network access to the microscope's control interface. This can lead to unauthorized viewing of the camera stream, interception of image data, and potential manipulation of device settings. The impact is limited to the local Wi-Fi network segment, but the default credentials make the device trivially exploitable by anyone within radio range.

Mitigation

As of the publication date (2021-07-15), no vendor-issued firmware update or remediation has been released to address this issue. Users are advised to change the default SSID and password through the device's web interface if supported, or to isolate the device on a separate VLAN. The vulnerability is not currently listed on CISA’s Known Exploited Vulnerabilities (KEV) catalog [1].