Back to overview

CVE-2026-7839

CRITICAL
9.1
CVSS 3.1
Description
UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpy_s(saved_password, 64, "adminadmi2"). The HTTP Basic-auth handler wi_decode_auth() checks this password without rate-limiting or lockout. Any remote attacker who can reach the repeater HTTP port (default TCP 80) can authenticate as administrator using the well-known default credential on a fresh or unmodified installation, gaining full control of the repeater configuration including allow/deny rules and session visibility.

Metadata

CVE ID
CVE-2026-7839
State
PUBLISHED
Assigner
securin
Reserved
2026-05-05 07:30 UTC
Published
2026-07-01 03:33 UTC
Last updated
2026-07-01 12:32 UTC
Primary CWE
CWE-798
Use of Hard-coded Credentials
Vendor / Product
uvnc / UltraVNC
Sources
cve.org  ·  NVD

Severity & Metrics

9.1 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
total
Affected products (1)
VendorProductPlatformVersions
uvnc UltraVNC 0 ≤ 1.8.2.2
Weakness (CWE)
CWESourceDescription
CWE-798 cna Use of Hard-coded Credentials
CVSS scores (1)
ScoreSeverityVersionSourceVector
9.1 CRITICAL 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
References (2)
Back to overview