CVE-2026-11849: CWE-798: Use of Hard-coded Credentials in IEI Integration Corp iRM-TSi410X
CVE-2026-11849 is a critical vulnerability in IEI Integration Corp's iRM-TSi410X product, involving the use of hard-coded credentials. This flaw allows unauthenticated remote attackers to gain administrative privileges on the database by exploiting these embedded credentials. The vulnerability has a high CVSS 4.0 base score of 9.3, indicating severe impact with no required privileges or user interaction for exploitation.
AI Analysis
Technical Summary
The iRM-IEI Remote Management system developed by IEI Integration Corp contains a hard-coded credentials vulnerability (CWE-798) in the iRM-TSi410X product. This vulnerability permits unauthenticated remote attackers to leverage embedded credentials to obtain administrative access to the underlying database. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. No patch or official remediation level has been disclosed as of the publication date.
Potential Impact
Successful exploitation results in unauthorized administrative access to the database, potentially allowing attackers to fully control, modify, or disrupt database operations. This compromises confidentiality, integrity, and availability of the system data managed by iRM-TSi410X.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict network access to the affected system and monitor for unauthorized access attempts. Avoid exposing the iRM-TSi410X management interface to untrusted networks.
CVE-2026-11849: CWE-798: Use of Hard-coded Credentials in IEI Integration Corp iRM-TSi410X
Description
CVE-2026-11849 is a critical vulnerability in IEI Integration Corp's iRM-TSi410X product, involving the use of hard-coded credentials. This flaw allows unauthenticated remote attackers to gain administrative privileges on the database by exploiting these embedded credentials. The vulnerability has a high CVSS 4.0 base score of 9.3, indicating severe impact with no required privileges or user interaction for exploitation.
CVSS v4.0
Score 9.3critical
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The iRM-IEI Remote Management system developed by IEI Integration Corp contains a hard-coded credentials vulnerability (CWE-798) in the iRM-TSi410X product. This vulnerability permits unauthenticated remote attackers to leverage embedded credentials to obtain administrative access to the underlying database. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. No patch or official remediation level has been disclosed as of the publication date.
Potential Impact
Successful exploitation results in unauthorized administrative access to the database, potentially allowing attackers to fully control, modify, or disrupt database operations. This compromises confidentiality, integrity, and availability of the system data managed by iRM-TSi410X.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict network access to the affected system and monitor for unauthorized access attempts. Avoid exposing the iRM-TSi410X management interface to untrusted networks.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- twcert
- Date Reserved
- 2026-06-10T07:51:02.579Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2be8e7e617e2d83456d17b
Added to database: 6/12/2026, 11:09:27 AM
Last enriched: 6/12/2026, 11:24:23 AM
Last updated: 6/12/2026, 12:20:03 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.