Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-62777

CVE-2025-62777: MZK-DP300N Auth Bypass Vulnerability

CVE-2025-62777 is an authentication bypass flaw in MZK-DP300N due to hard-coded credentials. Attackers on the local network can log in via Telnet and execute arbitrary commands. This article covers technical details, affected versions, impact, and mitigation strategies.

Published:

CVE-2025-62777 Overview

CVE-2025-62777 is a hard-coded credentials vulnerability [CWE-798] affecting Planex MZK-DP300N wireless devices running firmware version 1.07 and earlier. An attacker on the same local network can authenticate to the device through Telnet using embedded credentials and execute arbitrary commands. The flaw provides full administrative access to the device operating system without requiring any prior authentication knowledge from the attacker.

Critical Impact

Adjacent-network attackers can obtain shell access on affected MZK-DP300N devices via Telnet and execute arbitrary commands, leading to full device compromise.

Affected Products

  • Planex MZK-DP300N firmware version 1.07
  • Planex MZK-DP300N firmware versions earlier than 1.07
  • Devices exposing the Telnet management service on the local network

Discovery Timeline

  • 2025-10-28 - CVE-2025-62777 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2025-62777

Vulnerability Analysis

The MZK-DP300N firmware ships with credentials embedded directly in the device image. These credentials authorize access to the Telnet management interface exposed on the local network segment. Because the credentials are static across deployments, any attacker who learns them once can reuse them against every vulnerable device they reach.

Successful authentication grants command execution in the underlying shell. An attacker can modify configuration, pivot into the network the device serves, intercept traffic, or persist on the device by altering firmware behavior. The vulnerability does not require user interaction or prior privileges on the target.

Root Cause

The root cause is the inclusion of fixed administrative credentials inside the firmware image, combined with an enabled Telnet service that accepts those credentials. Telnet transmits authentication and command data in cleartext, which compounds the exposure by making credentials visible to any attacker sniffing traffic on the adjacent network.

Attack Vector

Exploitation requires network adjacency, meaning the attacker must reach the device on the same LAN or wireless segment. After locating an MZK-DP300N over Telnet on TCP port 23, the attacker authenticates with the embedded credentials and issues shell commands. No exploit script is required because the attack relies on standard Telnet client functionality. As of publication, no public proof-of-concept or in-the-wild exploitation has been reported.

Detection Methods for CVE-2025-62777

Indicators of Compromise

  • Unexpected inbound TCP connections to port 23 on MZK-DP300N devices from internal hosts
  • Successful Telnet authentication events originating from workstations or guest network ranges
  • Configuration changes on the device that were not initiated by an administrator
  • New or modified processes running on the device shell outside normal operating patterns

Detection Strategies

  • Monitor network flow data for any Telnet (TCP/23) sessions terminating at embedded network devices
  • Alert on Telnet usage from client subnets that should never administer infrastructure devices
  • Inspect switch and access point logs for repeated authentication attempts targeting the affected device
  • Correlate device configuration drift with timestamps of observed Telnet sessions

Monitoring Recommendations

  • Enable centralized syslog collection from the MZK-DP300N and review authentication events daily
  • Deploy network detection rules that flag any cleartext Telnet traffic on management VLANs
  • Track ARP and DHCP activity for unauthorized hosts on the network segments hosting the device

How to Mitigate CVE-2025-62777

Immediate Actions Required

  • Disable Telnet on affected MZK-DP300N devices if the firmware allows the service to be turned off
  • Isolate vulnerable devices on a dedicated VLAN with strict access control lists restricting management traffic
  • Block TCP port 23 at network boundaries and between user and infrastructure segments
  • Review device logs for prior Telnet sessions and rotate any credentials that may have transited the device

Patch Information

Refer to the JVN Security Advisory and Planex Product Information for vendor guidance on firmware status and remediation. Apply any updated firmware released by Planex for the MZK-DP300N product line as soon as it becomes available.

Workarounds

  • Place the device behind a firewall that denies Telnet from all but explicitly authorized management hosts
  • Restrict wireless and wired access to trusted users only, eliminating the adjacent attacker scenario
  • Replace affected hardware with a supported model if no firmware fix is available
  • Disable any unused services on the device to reduce the management attack surface
bash
# Example ACL concept blocking Telnet to the affected device
# Replace 192.0.2.10 with the device IP and 198.51.100.0/24 with admin subnet
access-list 110 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.10 eq 23
access-list 110 deny   tcp any host 192.0.2.10 eq 23
access-list 110 permit ip any any

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.