Hardcoded Default Credentials
A hardcoded default admin password literal is embedded in the binary and used in authentication comparisons.
- CVE
- CVE-2026-6822, CVE-2026-6259
- Vendor
- Inhand Networks
- Product
- 5G Modem
Executive Summary
A binary analysis of authentication-related code paths identified 1 security finding: a high-severity CWE-798 hardcoded/default credential pattern. The issue is located in sub_4072ec, where an embedded password literal ("123456") is used in an admin-password comparison flow.
Binary Profile
- Security Flags: PIE (absent), NX (absent), stack_canary (absent), RELRO (absent)
- Risk Level: High
Findings
1. Hardcoded Default Admin Password Literal — High
- Function:
sub_4072ec (passwd_risk handler)@0x4072ec - CWE: CWE-798 — Use of Hard-coded Credentials
- Category: info_leak
- Reachability: unknown
Description
The binary embeds a fixed admin password literal "123456" at 0x42046c and uses it in nvram_default_match("adm_passwd", "123456", 0) at 0x407318. This creates a hardcoded/default credential condition that can be recovered through static binary analysis. If deployed devices retain default credentials, an attacker can attempt authentication using this known value.
Taint Chain
embedded credential literal "123456" @ 0x42046c
→ "adm_passwd" key literal @ 0x420460
→ comparison result branches to passwd_risk=1/0 output @ 0x420474 / 0x420484
→ nvram_default_match @ 0x407318
Mitigations
- Present: none
- Absent: PIE, NX, stack_canary, RELRO