CVE-2026-35075

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.

Credits

Daniel Hulliger from Armasuisse Cyber-Defence campus.
Damian Pfammatter from Armasuisse Cyber-Defence campus.
Adrien Rey from Armasuisse Cyber Defense Campus Zurich

References