High severity8.8NVD Advisory· Published Apr 23, 2025· Updated Jun 17, 2026
CVE-2025-2765
CVE-2025-2765
Description
CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of the wireless hotspot. The issue results from the use of hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-24349.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: 2024.01.19.1541
Patches
Vulnerability mechanics
References
1- www.zerodayinitiative.com/advisories/ZDI-25-177/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.