CVE Catalog

CVE-2025-29268

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
8.08%

94th percentile - higher than 94% of all known CVEs

Summary

The ALLNET ALL-RUT22GW device version 3.3.8 was found to store hardcoded credentials in the libicos.so library. This means passwords or access keys are stored in plaintext within the binary file.

Risk Assessment

An attacker who gains access to the libicos.so file (e.g., through firmware analysis or local system access) can read these credentials and use them for unauthorized access to the device or related services.

Recommendation

Immediately contact the vendor for a security patch. Until a fix is available, restrict physical and network access to the device and monitor logs for suspicious activity.

Original NVD description (English source)

ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS