CVE-2025-22938
Published: 31 March 2025
Description
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Security Summary
CVE-2025-22938 affects the Adtran 411 ONT running firmware version L80.00.0011.M2, which contains weak default passwords. This vulnerability, published on 2025-03-31, is rated with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-1393. The issue enables unauthorized access due to easily guessable or known default credentials on the optical network terminal (ONT) device.
A remote attacker with network access can exploit this vulnerability without privileges or user interaction by leveraging the weak default passwords to authenticate and gain control. Successful exploitation allows high-impact compromise, including unauthorized access to confidential data, modification of system integrity, and disruption of availability, potentially leading to full device takeover.
Advisories and further details are available in the provided references, including https://drive.google.com/file/d/1levaZk5aC6g6a2zPW8xlOIVAu9MFYvAz/view and https://lanrat.com/posts/adtran-isp-hacking/.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability consists of weak default credentials on a remotely accessible device, which directly enables initial access through known default accounts by an attacker who holds no prior privileges.