Skip to main content

CVE-2025-46273: CWE-798 Use of Hard-coded Credentials in Planet Technology UNI-NMS-Lite

Medium
Published: Thu Apr 24 2025 (04/24/2025, 22:57:21 UTC)
Source: CVE
Vendor/Project: Planet Technology
Product: UNI-NMS-Lite

Description

UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain administrative privileges to all UNI-NMS managed devices.

AI-Powered Analysis

AILast updated: 06/24/2025, 13:42:33 UTC

Technical Analysis

CVE-2025-46273 identifies a critical security vulnerability in Planet Technology's UNI-NMS-Lite network management software. The vulnerability stems from the use of hard-coded credentials embedded within the software, classified under CWE-798. These hard-coded credentials allow an unauthenticated attacker to bypass normal authentication mechanisms and gain administrative privileges over all devices managed by UNI-NMS-Lite. Since the credentials are hard-coded, they cannot be changed or disabled by the end user, making the vulnerability persistent and exploitable as long as the affected version is in use. The vulnerability affects version 0 of UNI-NMS-Lite, which likely corresponds to an initial or early release. The lack of authentication requirement and the administrative level of access granted mean that an attacker can fully control the managed devices, potentially altering configurations, disrupting network operations, or deploying further malicious payloads. Although no known exploits have been reported in the wild yet, the nature of the vulnerability makes it a high-risk target for attackers seeking to compromise network infrastructure. The absence of available patches at the time of publication further exacerbates the risk, leaving organizations dependent on mitigation strategies until an official fix is released.

Potential Impact

For European organizations, the impact of this vulnerability can be significant, particularly for those relying on Planet Technology's UNI-NMS-Lite for network device management. Compromise of administrative credentials can lead to full control over network devices, enabling attackers to disrupt critical communications, exfiltrate sensitive data, or launch lateral attacks within corporate or industrial networks. This is especially concerning for sectors with high dependency on network reliability and security, such as telecommunications, manufacturing, energy, and critical infrastructure. The vulnerability undermines the confidentiality, integrity, and availability of network management operations. Given the unauthenticated nature of the exploit, attackers can operate remotely without prior access, increasing the attack surface. The potential for widespread impact is elevated in environments where UNI-NMS-Lite manages multiple devices across distributed networks, common in large European enterprises and service providers.

Mitigation Recommendations

Since no patches are currently available, European organizations should implement immediate compensating controls. First, restrict network access to UNI-NMS-Lite management interfaces by enforcing strict firewall rules and network segmentation to limit exposure to trusted administrative networks only. Employ VPNs or secure tunnels for remote management access to reduce the risk of unauthorized connections. Monitor network traffic and device logs for unusual access patterns or unauthorized administrative actions indicative of exploitation attempts. Where possible, replace UNI-NMS-Lite with alternative network management solutions that do not contain hard-coded credentials. Engage with Planet Technology to obtain timelines for patch releases and apply updates promptly once available. Additionally, conduct thorough audits of all devices managed by UNI-NMS-Lite to identify any unauthorized changes or signs of compromise. Implement multi-factor authentication (MFA) on network management systems where supported to add an additional layer of security beyond credentials.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
icscert
Date Reserved
2025-04-22T15:31:46.237Z
Cisa Enriched
true

Threat ID: 682d983ec4522896dcbf0204

Added to database: 5/21/2025, 9:09:18 AM

Last enriched: 6/24/2025, 1:42:33 PM

Last updated: 7/8/2025, 6:19:01 PM

Views: 7

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats