CVE 9.3 CRITICAL

Weak credentials vulnerability in the CashDro 3 web administration panel_CVE-2026-8076

May 8, 2026 invoker category_cve
9.3 / 10
CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed since 2012. This could allow an attacker to easily perform a brute-force attack against a user and gain access by trying different PINs without the account being locked. Successful exploitation of this vulnerability could result in unauthorized access to confidential configuration settings, compromising the security of the system.

AI Analysis

Weak credentials vulnerability allowing brute-force attacks against user accounts due to the use of numeric PINs for authentication

Basic Information

ID CVE-2026-8076
Source INCIBE
Published May 8, 2026 at 11:55

Affected Product

Vendor CashDro
Product CashDro 3 Administration Panel
Version 24.01.00.26
Affected Versions CashDro CashDro 3 Administration Panel 24.01.00.26

CWE Classification

CWE-1391

AI Assessment

AI Score 9.3 / 10
AI Severity Critical
Vendor CashDro
Product CashDro 3 Administration Panel
Version 24.01.00.26

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.