Executive Summary

Informations
Name CVE-2025-26326 First vendor Publication 2025-02-28
Vendor Cve Last vendor Modification 2025-03-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability was identified in the NVDA Remote (version 2.6.4) and Tele NVDA Remote (version 2025.3.3) remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered by the user and do not have an additional authentication or computer verification mechanism. Tests indicate that more than 1,000 systems use easy-to-guess passwords, many with less than 4 to 6 characters, including common sequences. This allows brute force attacks or trial-and-error attempts by malicious invaders. The vulnerability can be exploited by a remote attacker who knows or can guess the password used in the connection. As a result, the attacker gains complete access to the affected system and can execute commands, modify files, and compromise user security.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26326

Sources (Detail)

https://github.com/azurejoga/CVE-2025-26326
https://github.com/nvda-es/TeleNVDA
https://github.com/NVDARemote/NVDARemote
https://nvda-addons.org/addon.php?id=270
https://nvdaremote.com/
https://www.nvaccess.org
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2025-03-13 21:20:54
  • Multiple Updates
2025-03-07 00:20:35
  • Multiple Updates
2025-02-28 21:20:34
  • First insertion