CVE-2025-43980
📋 TL;DR
FIRSTNUM JC21A-04 devices have SSH enabled by default with hardcoded root/admin credentials that cannot be disabled via the GUI. This allows attackers to gain administrative access to affected devices. All users of FIRSTNUM JC21A-04 devices through version 2.01ME/FN are affected.
💻 Affected Systems
- FIRSTNUM JC21A-04
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise leading to data theft, network pivoting, or device becoming part of a botnet.
Likely Case
Unauthorized administrative access allowing configuration changes, data exfiltration, or service disruption.
If Mitigated
Limited impact if SSH is disabled or credentials are changed via alternative methods.
🎯 Exploit Status
Exploitation requires network access to the SSH port (typically 22) and knowledge of the default credentials. No authentication bypass is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 2.01ME/FN
Vendor Advisory: https://github.com/actuator/cve/blob/main/Firstnum/CVE-2025-43980.txt
Restart Required: No
Instructions:
1. Check for firmware updates from FIRSTNUM.
2. Apply the latest firmware version that addresses this vulnerability.
3. Verify SSH service configuration after update.
🔧 Temporary Workarounds
Change SSH credentials via CLI
Manually change the root password via the SSH command line if the GUI doesn't support it (all platforms)
ssh root@device_ip    # enter "admin" at the password prompt
passwd                # enter the new password when prompted
Disable SSH service
Disable the SSH service through the command line if available (all platforms)
ssh root@device_ip    # enter "admin" at the password prompt
systemctl disable ssh
systemctl stop ssh
🧯 If You Can't Patch
- Change default SSH credentials immediately using command line access
- Implement network segmentation to restrict SSH access to trusted management networks only
- Deploy network-based controls to block SSH traffic to affected devices
🔍 How to Verify
Check if Vulnerable:
Attempt SSH connection to device port 22 using root/admin credentials. If successful, device is vulnerable.
Check Version:
ssh root@device_ip 'cat /etc/version' or check via device web interface
Verify Fix Applied:
Attempt SSH connection with root/admin credentials. Connection should fail. Verify firmware version is newer than 2.01ME/FN.
📡 Detection & Monitoring
Log Indicators:
- Failed SSH authentication attempts
- Successful SSH logins with root/admin credentials
- Unusual SSH connection patterns
Network Indicators:
- SSH connections to port 22 from unexpected sources
- Brute force attempts against SSH service
SIEM Query:
source="ssh" AND (user="root" OR user="admin") AND success="true"
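Added example (not part of the advisory or any vendor tooling): a Python triage of SSH authentication logs for the indicators listed above, flagging root/admin logins from outside the management network, repeated failures from one source, and a successful login that follows such failures. The OpenSSH log format, the 10.20.0.0/24 management subnet, the threshold and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the advisory): OpenSSH-style syslog lines and this
# management subnet; adjust both to the device's real log format and network.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
WATCHED_USERS = {"root", "admin"}
FAIL_THRESHOLD = 3  # failures from one source before flagging brute force

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def analyze(lines):
    """Return (rule, user, source) findings in the order they occur."""
    findings, failures = [], Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        user, src = m["user"], m["src"]
        try:
            trusted = any(ipaddress.ip_address(src) in net for net in MGMT_NETS)
        except ValueError:  # source logged as a hostname, not an IP
            trusted = False
        if m["result"] == "Failed":
            failures[src] += 1
            if failures[src] == FAIL_THRESHOLD:
                findings.append(("brute-force", user, src))
        elif user in WATCHED_USERS:
            if not trusted:
                findings.append(("login-from-untrusted-source", user, src))
            if failures[src] >= FAIL_THRESHOLD:
                findings.append(("login-after-failures", user, src))
    return findings

# Constructed sample log lines (documentation-range addresses), not real data.
SAMPLE = [
    "Jun  3 02:11:40 jc21a sshd[812]: Accepted password for root from 10.20.0.15 port 50122 ssh2",
    "Jun  3 02:14:01 jc21a sshd[820]: Failed password for root from 198.51.100.7 port 40110 ssh2",
    "Jun  3 02:14:03 jc21a sshd[820]: Failed password for invalid user admin from 198.51.100.7 port 40112 ssh2",
    "Jun  3 02:14:05 jc21a sshd[820]: Failed password for root from 198.51.100.7 port 40114 ssh2",
    "Jun  3 02:14:09 jc21a sshd[823]: Accepted password for root from 198.51.100.7 port 40120 ssh2",
    "Jun  3 02:20:00 jc21a sshd[830]: Accepted password for root from 203.0.113.9 port 41000 ssh2",
]

if __name__ == "__main__":
    print(*analyze(SAMPLE), sep="\n")
```

A "login-after-failures" finding is the one to escalate first: it means the credentials worked for a source that had just been guessing.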