
CVE-2025-62777: Use of hard-coded credentials in PLANEX COMMUNICATIONS INC. MZK-DP300N

Severity: High
Tags: Vulnerability, CVE-2025-62777, cve, cve-2025-62777
Published: Tue Oct 28 2025 (10/28/2025, 04:53:00 UTC)
Source: CVE Database V5
Vendor/Project: PLANEX COMMUNICATIONS INC.
Product: MZK-DP300N

Description

Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands.

AI-Powered Analysis

Last updated: 10/28/2025, 05:26:03 UTC

Technical Analysis

CVE-2025-62777 is a vulnerability identified in PLANEX COMMUNICATIONS INC.'s MZK-DP300N networking device, specifically in firmware versions 1.07 and earlier. The core issue is the presence of hard-coded credentials embedded within the device's Telnet service, which allows an attacker with access to the local network to log in without needing to know any user-specific passwords. Once logged in, the attacker can execute arbitrary commands on the device, effectively gaining control over it. This can lead to a full compromise of the device's confidentiality, integrity, and availability. The vulnerability does not require prior authentication or user interaction, making it easier to exploit for an attacker who has local network access. The attack vector is local network access (AV:A), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The vulnerability scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), resulting in a CVSS v3.0 score of 8.8. Although no exploits have been reported in the wild yet, the presence of hard-coded credentials is a critical security flaw that can be leveraged for lateral movement, network reconnaissance, or launching further attacks within the network. The lack of patch links indicates that a fix may not yet be publicly available, emphasizing the need for immediate mitigation steps by affected users.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially in environments where PLANEX MZK-DP300N devices are deployed as part of network infrastructure. Successful exploitation can lead to unauthorized access to network devices, enabling attackers to intercept or manipulate network traffic, disrupt services, or pivot to other internal systems. This can result in data breaches, operational downtime, and potential regulatory non-compliance under GDPR if personal data is compromised. Sectors such as telecommunications, manufacturing, and critical infrastructure that rely on stable and secure network devices are particularly vulnerable. The requirement for local network access somewhat limits remote exploitation but does not eliminate risk, as attackers can gain local access through compromised endpoints or insider threats. The absence of known exploits in the wild provides a window for proactive defense, but the high severity demands urgent attention to prevent potential exploitation.

Mitigation Recommendations

1. Immediately audit networks to identify all PLANEX MZK-DP300N devices running firmware version 1.07 or earlier.
2. Disable Telnet access on these devices if possible, or restrict it strictly to trusted management networks.
3. Implement network segmentation to isolate vulnerable devices from general user networks and limit local network access.
4. Monitor network traffic and device logs for unusual Telnet login attempts or command executions.
5. Apply firmware updates or patches from PLANEX as soon as they become available; if no official patch exists, consider replacing affected devices.
6. Use strong network access controls and authentication mechanisms to reduce the risk of unauthorized local access.
7. Educate network administrators about the risks of hard-coded credentials and the importance of secure device configuration.
8. Employ intrusion detection/prevention systems tuned to detect suspicious Telnet activity targeting these devices.
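One way to implement the monitoring in steps 2 to 4 is to check flow records for Telnet sessions that reach inventoried devices from outside the management network. This is an added example, not part of the original advisory; the device addresses, management subnet, record layout and sample flows are all constructed assumptions.

```python
import csv
import io
import ipaddress

# Hypothetical inventory of MZK-DP300N addresses and trusted management subnet.
AFFECTED_DEVICES = {ipaddress.ip_address(a) for a in ("192.168.10.21", "192.168.10.22")}
MGMT_NET = ipaddress.ip_network("192.168.99.0/24")
TELNET_PORT = 23

# Constructed sample flow records, layout: ts,src,dst,proto,dport
SAMPLE_FLOWS = """\
2025-10-28T05:01:10Z,192.168.99.5,192.168.10.21,tcp,23
2025-10-28T05:02:44Z,192.168.20.77,192.168.10.21,tcp,23
2025-10-28T05:03:02Z,192.168.20.77,192.168.10.22,tcp,80
2025-10-28T05:03:30Z,192.168.20.77,192.168.10.22,tcp,23
2025-10-28T05:04:00Z,192.168.20.80,192.168.30.9,tcp,23
bad,line
"""

def flag_telnet_flows(text):
    """Return (alerts, skipped) for Telnet flows to affected devices from outside MGMT_NET."""
    alerts, skipped = [], 0
    for row in csv.reader(io.StringIO(text)):
        try:
            ts, src, dst, proto, dport = row
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            skipped += 1  # malformed record: count it rather than drop it silently
            continue
        if proto.lower() != "tcp" or port != TELNET_PORT:
            continue
        if dst_ip in AFFECTED_DEVICES and src_ip not in MGMT_NET:
            alerts.append({"ts": ts, "src": src, "dst": dst})
    return alerts, skipped

def sweep_sources(alerts, min_devices=2):
    """Sources that opened Telnet to several affected devices (higher priority)."""
    seen = {}
    for a in alerts:
        seen.setdefault(a["src"], set()).add(a["dst"])
    return sorted(s for s, d in seen.items() if len(d) >= min_devices)

if __name__ == "__main__":
    alerts, skipped = flag_telnet_flows(SAMPLE_FLOWS)
    for a in alerts:
        print("ALERT telnet to affected device:", a)
    print("multi-device sources:", sweep_sources(alerts), "skipped records:", skipped)
```

Any alert here also means the segmentation in step 3 is not fully in place, since the flow was able to reach the device at all.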


Technical Details

Data Version: 5.1
Assigner Short Name: jpcert
Date Reserved: 2025-10-22T09:51:31.094Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 690053d57fd05562372c1e3a

Added to database: 10/28/2025, 5:25:41 AM

Last enriched: 10/28/2025, 5:26:03 AM

Last updated: 10/28/2025, 12:40:59 PM
