CVE-2025-9964
HIGHCVSS Vector
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2Description
No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console easily. This issue affects P series: P - V2001.A.C518o2.
Analysis
No password for the root user is set in Novakon P series. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical Context
This vulnerability is classified under CWE-521. No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console easily.A.C518o2.
Affected Products
Novakon P series. This.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today