CVE-2025-36747CRITICAL 9.8EPSS p20.1%

CVE-2025-36747CVE-2025-36747

Description

ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmware signature verification is not enforced.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.29% probability of exploitation · percentile 20.1% · 2026-06-19T12:03:05Z
Published2025-12-13
Last modified2026-01-14

Underlying weaknesses· 1

CWE-798

References

  1. https://csirt.divd.nl/CVE-2025-36747/

1

TypeTargetConfidenceTier
WeaknessUse of Hard-coded Credentialscwe-7980%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-41651
CVE
CVE-2025-36752
CVE
CVE-2025-36753
CVE
CVE-2025-0592
CVE
CVE-2026-25775
CVE
CVE-2026-35075
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.