CVE Catalog

CVE-2026-7839

Severity: Critical (CVSS 9.1)

Exploitation Probability (EPSS)

EPSS score: 0.33% (low risk), 25th percentile, i.e. higher than 25% of all known CVEs.

EPSS estimates the probability that a vulnerability will be exploited in the wild within the next 30 days; it says nothing about how easy exploitation is. A published default credential needs no exploit code, so a low EPSS score should not be read as low urgency for an exposed repeater.

Summary

UltraVNC repeater through version 1.8.2.2 initializes its HTTP administration server with a hardcoded default password. On first run, when settings2.txt is absent, the repeater writes the literal password "adminadmi2" for the admin user. Anyone who can reach the HTTP port can therefore log in as administrator on an installation whose password was never changed. The Basic-auth handler also has no rate limiting or lockout, so the password can be guessed freely even where it was changed to a weak value.

Risk Assessment

An unauthenticated attacker who can reach the repeater's HTTP port can take full control of its configuration, including the allow/deny rules that decide which VNC endpoints may connect through it and visibility into active sessions. Tampering with those rules allows VNC connections to be routed or blocked at will and can serve as a foothold for further movement within the internal network.

Recommendation

Change the admin password immediately, either through the admin interface or by editing settings2.txt, to a strong, unique value, and confirm afterwards that settings2.txt no longer contains the literal "adminadmi2". Restrict access to the HTTP administration port (default TCP 80) to trusted addresses, or disable the admin interface if it is not needed. Because exploitation requires nothing beyond a browser and the published credential, treat any repeater that was reachable with the default password as potentially compromised and review its allow/deny rules. No fixed release is named here, so verify against the vendor's release notes before assuming an upgrade alone resolves the issue.

Original NVD description (English source)

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpy_s(saved_password, 64, "adminadmi2"). The HTTP Basic-auth handler wi_decode_auth() checks this password without rate-limiting or lockout. Any remote attacker who can reach the repeater HTTP port (default TCP 80) can authenticate as administrator using the well-known default credential on a fresh or unmodified installation, gaining full control of the repeater configuration including allow/deny rules and session visibility.
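The two weaknesses the description names are the literal default written on first run and the Basic-auth check that never locks out a caller. The block below is an added illustration written for this page, not UltraVNC's own code: it shows the vulnerable first-run pattern next to a hardened variant that draws a per-install password from the OS CSPRNG, and a credential check with a failure counter and lockout window. All function and type names (init_password_vulnerable, init_password_random, check_basic_auth, struct auth_state) and the threshold values are hypothetical; the real repeater's settings.c and wi_decode_auth() are not reproduced here.

```c
/* Added example for CVE-2026-7839: first-run password initialisation and a
 * lockout-aware Basic-auth check. Hypothetical names; not UltraVNC source. */
#include <stdio.h>
#include <string.h>
#include <time.h>

#define PW_MAX 64
#define LOCKOUT_THRESHOLD 5      /* assumed policy: 5 failures ... */
#define LOCKOUT_SECONDS 300      /* ... then 5 minutes locked out */

/* Vulnerable pattern: a well-known literal is written when no settings file
 * exists (stands in for strcpy_s(saved_password, 64, "adminadmi2")). */
static void init_password_vulnerable(char saved_password[PW_MAX]) {
    snprintf(saved_password, PW_MAX, "%s", "adminadmi2");
}

/* Hardened: generate a random per-install password so no value shared across
 * installs ever reaches settings2.txt. Uses rejection sampling so every
 * alphabet character is equally likely. Returns 0 on success, -1 on failure
 * (caller should then refuse to bring up the admin server). */
static int init_password_random(char saved_password[PW_MAX], size_t len) {
    static const char alphabet[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    const int n = (int)(sizeof(alphabet) - 1);   /* 62 symbols */
    const int limit = 256 - (256 % n);           /* 248: bytes above are rejected */
    if (len == 0 || len >= PW_MAX) return -1;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t i = 0;
    while (i < len) {
        int c = fgetc(f);
        if (c == EOF) { fclose(f); return -1; }
        if (c >= limit) continue;                /* avoid modulo bias */
        saved_password[i++] = alphabet[c % n];
    }
    fclose(f);
    saved_password[len] = '\0';
    return 0;
}

/* Audit helper: does a stored password still equal the published default? */
static int is_default_password(const char *pw) {
    return strcmp(pw, "adminadmi2") == 0;
}

/* Comparison whose timing does not depend on where the strings first differ. */
static int ct_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    size_t n = la > lb ? la : lb;
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i < la ? i : 0] ^ b[i < lb ? i : 0]);
    return diff == 0;
}

enum auth_result { AUTH_OK = 0, AUTH_BAD_CREDENTIALS = 1, AUTH_LOCKED = 2 };

/* One counter per client; in a real server this would be keyed by source
 * address so that one attacker cannot lock out the legitimate admin. */
struct auth_state {
    unsigned failures;
    time_t locked_until;
};

static enum auth_result check_basic_auth(struct auth_state *st,
                                         const char *supplied,
                                         const char *expected, time_t now) {
    if (st->locked_until > now) return AUTH_LOCKED;
    if (ct_equal(supplied, expected)) {
        st->failures = 0;
        return AUTH_OK;
    }
    if (++st->failures >= LOCKOUT_THRESHOLD) {
        st->failures = 0;
        st->locked_until = now + LOCKOUT_SECONDS;
    }
    return AUTH_BAD_CREDENTIALS;
}

int main(void) {
    char pw[PW_MAX];
    init_password_vulnerable(pw);
    printf("vulnerable first run writes default: %d\n", is_default_password(pw));
    if (init_password_random(pw, 20) == 0)
        printf("hardened first run: %s (default: %d)\n", pw, is_default_password(pw));
    return 0;
}
```

The hardened initialiser still has to get the generated password to the administrator once (printed at install time or written to a file readable only by the service account); the point is that the value is never shared across installations. The lockout state shown is global for brevity; a production implementation keys it per source address, otherwise the counter itself becomes a denial-of-service lever against the admin interface.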

Vulnerability data from NVD (NIST) · CISA KEV · EPSS