Cyber Posture

CVE-2025-67112

Critical

Published: 19 March 2026

Published
19 March 2026
Modified
24 March 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0015 34.5th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulation and privilege escalation via the…

more

GUI import/export functions.

Mitigating Controls (NIST 800-53 r5)AI

SC-12 Cryptographic Key Establishment and Management good match
prevent

Mandates proper cryptographic key establishment and management, directly preventing the use of hard-coded keys in the configuration backup/restore encryption.

SI-2 Flaw Remediation good match
prevent

Requires timely identification, reporting, and remediation of flaws like the hard-coded key vulnerability through firmware upgrades.

SC-28 Protection of Information at Rest good match
prevent

Implements cryptographic protections for information at rest such as device configurations, preventing unauthorized decryption, modification, and re-encryption.

Security SummaryAI

CVE-2025-67112 is a critical vulnerability involving the use of a hard-coded AES-256-CBC key in the configuration backup and restore implementation of the Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware versions prior to DG3934v3@2308041842. This flaw, classified under CWE-321 (Use of Hard-coded Cryptographic Key), has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-03-19.

Remote authenticated users can exploit this vulnerability by leveraging the GUI import/export functions to decrypt device configurations, modify sensitive data such as credentials, re-encrypt the configurations, and then restore them. Successful exploitation enables credential manipulation and privilege escalation on the affected device.

Mitigation requires upgrading to firmware version DG3934v3@2308041842 or later. Additional details are available in related advisories and documentation, including the FCC report at https://fcc.report/FCC-ID/P27-SCE4255W/4790935.pdf, the FreedomFi website at https://freedomfi.com/index.html, and a technical blog post at https://neroteam.com/blog/freedomfi-sercomm-sce4255w-englewood.

Details

CWE(s)
CWE-321

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1098 Account Manipulation Persistence
Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.
attack.mitre.org →
T1602.002 Network Device Configuration Dump Collection
Adversaries may access network configuration files to collect sensitive data about the device and the network.
attack.mitre.org →
Why these techniques?

The vulnerability directly enables network device configuration dumping (T1602.002) via decryption of backups with a hard-coded key, account/credential manipulation (T1098) by modifying sensitive data in configs, and exploitation for privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References