{"uuid": "bdf7b9cd-ba5f-4fe2-a0fc-ad3b78ef610a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71317", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/116699103506638031", "content": "\nNetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint (for example /cgi-bin/login.cgi?username=eurek&password=eurek, which due to lax parameter validation can be shortened to /cgi-bin/login.cgi?username=eurek%20eurek) to obtain administrator privileges, allowing them to alter device configuration, enable the telnet/SSH services, and reset local user credentials.\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-71317", "creation_timestamp": "2026-06-05T19:16:45.454012Z"}