CVE-2025-29268
CriticalCVSS 9.8Exploitation Probability (EPSS)
Very high risk94th percentile - higher than 94% of all known CVEs
Summary
The ALLNET ALL-RUT22GW device version 3.3.8 was found to store hardcoded credentials in the libicos.so library. This means passwords or access keys are stored in plaintext within the binary file.
Risk Assessment
An attacker who gains access to the libicos.so file (e.g., through firmware analysis or local system access) can read these credentials and use them for unauthorized access to the device or related services.
Recommendation
Immediately contact the vendor for a security patch. Until a fix is available, restrict physical and network access to the device and monitor logs for suspicious activity.
Original NVD description (English source)
ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library.

