3DP-MANAGER Uses Hard-coded Credentials_CVE-2026-25803

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials (admin/admin) upon the first initialization. Attackers with network access to the application's login interface can gain full administrative control, managing VPN tunnels and system settings. This issue will be patched in version 2.0.2.

AI Analysis

3DP-MANAGER uses hard-coded credentials, allowing attackers to gain full administrative control with network access to the application's login interface.

Basic Information

ID CVE-2026-25803

Source GitHub_M

Published Feb 6, 2026 at 22:52

Affected Product

Vendor denpiligrim

Product 3dp-manager

Version <= 2.0.1

Affected Versions denpiligrim 3dp-manager <= 2.0.1

CWE Classification

CWE-798

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor denpiligrim

Product 3DP-MANAGER

Version 2.0.1 and prior

References

{
    "lastseen": "",
    "description": "3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials (admin/admin) upon the first initialization. Attackers with network access to the application's login interface can gain full administrative control, managing VPN tunnels and system settings. This issue will be patched in version 2.0.2.",
    "published": "2026-02-06T22:52:40.631Z",
    "modified": "2026-02-06T22:52:40.631Z",
    "type": "cve",
    "title": "3DP-MANAGER Uses Hard-coded Credentials",
    "source": "GitHub_M",
    "references": "https://github.com/denpiligrim/3dp-manager/security/advisories/GHSA-5x57-h7cw-9jmw\nhttps://github.com/denpiligrim/3dp-manager/commit/f568de41de97dd1b70a963708a1ee18e52b9d248",
    "id": "CVE-2026-25803",
    "bulletinFamily": "",
    "cwe": [
        "CWE-798"
    ],
    "cvelist": null,
    "sourceData": "denpiligrim 3dp-manager <= 2.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "3dp-manager",
    "version": "<= 2.0.1",
    "vendor": "denpiligrim",
    "ai_description": "3DP-MANAGER uses hard-coded credentials, allowing attackers to gain full administrative control with network access to the application's login interface.",
    "ai_severity": "Critical",
    "ai_vendor": "denpiligrim",
    "ai_product": "3DP-MANAGER",
    "ai_version": "2.0.1 and prior",
    "ai_score": 9.8
}