CVE-2025-46273: CWE-798 Use of Hard-coded Credentials in Planet Technology UNI-NMS-Lite
UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain administrative privileges to all UNI-NMS managed devices.
AI Analysis
Technical Summary
CVE-2025-46273 identifies a critical security vulnerability in Planet Technology's UNI-NMS-Lite network management software. The vulnerability stems from the use of hard-coded credentials embedded within the software, classified under CWE-798. These hard-coded credentials allow an unauthenticated attacker to bypass normal authentication mechanisms and gain administrative privileges over all devices managed by UNI-NMS-Lite. Since the credentials are hard-coded, they cannot be changed or disabled by the end user, making the vulnerability persistent and exploitable as long as the affected version is in use. The vulnerability affects version 0 of UNI-NMS-Lite, which likely corresponds to an initial or early release. The lack of authentication requirement and the administrative level of access granted mean that an attacker can fully control the managed devices, potentially altering configurations, disrupting network operations, or deploying further malicious payloads. Although no known exploits have been reported in the wild yet, the nature of the vulnerability makes it a high-risk target for attackers seeking to compromise network infrastructure. The absence of available patches at the time of publication further exacerbates the risk, leaving organizations dependent on mitigation strategies until an official fix is released.
Potential Impact
For European organizations, the impact of this vulnerability can be significant, particularly for those relying on Planet Technology's UNI-NMS-Lite for network device management. Compromise of administrative credentials can lead to full control over network devices, enabling attackers to disrupt critical communications, exfiltrate sensitive data, or launch lateral attacks within corporate or industrial networks. This is especially concerning for sectors with high dependency on network reliability and security, such as telecommunications, manufacturing, energy, and critical infrastructure. The vulnerability undermines the confidentiality, integrity, and availability of network management operations. Given the unauthenticated nature of the exploit, attackers can operate remotely without prior access, increasing the attack surface. The potential for widespread impact is elevated in environments where UNI-NMS-Lite manages multiple devices across distributed networks, common in large European enterprises and service providers.
Mitigation Recommendations
Since no patches are currently available, European organizations should implement immediate compensating controls. First, restrict network access to UNI-NMS-Lite management interfaces by enforcing strict firewall rules and network segmentation to limit exposure to trusted administrative networks only. Employ VPNs or secure tunnels for remote management access to reduce the risk of unauthorized connections. Monitor network traffic and device logs for unusual access patterns or unauthorized administrative actions indicative of exploitation attempts. Where possible, replace UNI-NMS-Lite with alternative network management solutions that do not contain hard-coded credentials. Engage with Planet Technology to obtain timelines for patch releases and apply updates promptly once available. Additionally, conduct thorough audits of all devices managed by UNI-NMS-Lite to identify any unauthorized changes or signs of compromise. Implement multi-factor authentication (MFA) on network management systems where supported to add an additional layer of security beyond credentials.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: icscert
- Date Reserved: 2025-04-22T15:31:46.237Z
- CISA Enriched: true
Threat ID: 682d983ec4522896dcbf0204
Added to database: 5/21/2025, 9:09:18 AM
Last enriched: 6/24/2025, 1:42:33 PM
Last updated: 7/8/2025, 6:19:01 PM