CVE-2025-2765 – CarlinKit CPC200-CCPA Hard-Coded Credentials Authentication Bypass

April 23, 2025

CVE ID : CVE-2025-2765

Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago

Description : CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the configuration of the wireless hotspot. The issue results from the use of hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-24349.

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2769 – Bdrive NetDrive OpenSSL Privilege Escalation Vulnerability

Next Article CVE-2025-2762 – CarlinKit CPC200-CCPA Root of Trust Failure Privilege Escalation Vulnerability

CodeSOD: Functionally, a Date

Creating Elastic And Bounce Effects With Expressive Animator

Microsoft shares Insiders preview of Visual Studio 2026

From Data To Decisions: UX Strategies For Real-Time Dashboards

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Can I use React Server Components (RSCs) today?

Can I use React Server Components (RSCs) today?

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Sarah McDowell Helps Clients Build a Strong AI Foundation Through Salesforce

I Ran Local LLMs on My Android Phone

I Ran Local LLMs on My Android Phone

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

CVE-2025-2765 – CarlinKit CPC200-CCPA Hard-Coded Credentials Authentication Bypass

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

He Hacked Servers, Not People — But Still Left a $4.5 Million Mess Behind

Streamline deep learning environments with Amazon Q Developer and MCP

CVE-2025-6359 – Code-projects Simple Pizza Ordering System SQL Injection Vulnerability

Rilasciato LXQt 2.2: L’ambiente desktop leggero si rinnova con Wayland e tante novità

Writing Your First Terraform Configuration: A Step-by-Step Guide

What Makes for a Good Stereoscopic Image?

16 Best Free and Open Source Linux Computer Algebra Systems

Stop Writing Bad Controllers: Laravel Custom Collections Transform Your Code

CVE-2025-2765 – CarlinKit CPC200-CCPA Hard-Coded Credentials Authentication Bypass

Related Posts