{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-67114", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-24T01:23:37.027Z", "dateReserved": "2025-12-08T00:00:00.000Z", "datePublished": "2026-03-19T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-19T17:27:49.750Z"}, "descriptions": [{"lang": "en", "value": "Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling authentication bypass and full device access."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://neroteam.com/blog/freedomfi-sercomm-sce4255w-englewood"}, {"url": "https://fcc.report/FCC-ID/P27-SCE4255W/4790935.pdf"}, {"url": "https://freedomfi.com/index.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-1391", "lang": "en", "description": "CWE-1391 Use of Weak Credentials"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T01:22:45.403240Z", "id": "CVE-2025-67114", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T01:23:37.027Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-67114", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T01:22:45.403240Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1391", "description": "CWE-1391 Use of Weak Credentials"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T01:23:32.552Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://neroteam.com/blog/freedomfi-sercomm-sce4255w-englewood"}, {"url": "https://fcc.report/FCC-ID/P27-SCE4255W/4790935.pdf"}, {"url": "https://freedomfi.com/index.html"}], "descriptions": [{"lang": "en", "value": "Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling authentication bypass and full device access."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-19T17:27:49.750Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67114", "state": "PUBLISHED", "dateUpdated": "2026-03-24T01:23:37.027Z", "dateReserved": "2025-12-08T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-19T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling authentication bypass and full device access."}, {"lang": "es", "value": "El uso de un algoritmo de generaci\u00f3n de credenciales determinista en /ftl/bin/calc_f2 en el firmware del Small Cell Sercomm SCE4255W (FreedomFi Englewood) anterior a DG3934v3@2308041842 permite a atacantes remotos derivar credenciales administrativas/de root v\u00e1lidas de la direcci\u00f3n MAC del dispositivo, lo que permite la omisi\u00f3n de autenticaci\u00f3n y el acceso completo al dispositivo."}], "id": "CVE-2025-67114", "lastModified": "2026-03-24T02:16:03.830", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-19T18:16:15.713", "references": [{"source": "cve@mitre.org", "url": "https://fcc.report/FCC-ID/P27-SCE4255W/4790935.pdf"}, {"source": "cve@mitre.org", "url": "https://freedomfi.com/index.html"}, {"source": "cve@mitre.org", "url": "https://neroteam.com/blog/freedomfi-sercomm-sce4255w-englewood"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1391"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,DG3934v3@2308041842)"}}], "enrichment": {"confidence": 85.0, "confidence_source": "inferred", "scores": [{"score": 85.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "sercomm_sce4255w", "vendor": "freedomfi"}], "analysis": {"en": {"generated_at": "2026-03-24T03:27:54.144473+00:00", "value": {"mitigation_remediation": ["Upgrade the SCE4255W firmware to version DG3934v3 or newer which removes the deterministic credential generation routine.", "If a firmware update is unavailable, block external access to any remote management interfaces on the device or restrict management traffic to trusted networks.", "Monitor device logs for repeated authentication attempts and legitimate login activity to detect suspicious use of derived credentials."], "summary": {"action": "Immediate Patch", "impact": "Remote authentication bypass allowing full device control"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Sercomm SCE4255W small cell (FreedomFi Englewood) running firmware versions prior to DG3934v3@2308041842. Users should verify their firmware version and ensure it is updated to the latest release that eliminates the deterministic credential generation logic.", "description_and_impact": "A deterministic credential generation routine located in /ftl/bin/calc_f2 of the FreedomFi Englewood Sercomm SCE4255W small cell firmware allows an attacker to compute valid administrative or root credentials from the device's MAC address. This flaw enables an unauthenticated remote attacker to bypass the authentication mechanism and obtain unrestricted control over the device, representing a critical security weakness identified by CWE-1391. The high CVSS score of 9.8 indicates that the vulnerability can be exploited with minimal effort and yields complete device compromise.", "risk_and_exploitability": "With a CVSS score of 9.8 the risk to any affected device is severe. Although the EPSS score is below 1% and the flaw is not listed in CISA's KEV catalog, the exploitation pathway\u2014remote authentication bypass via credential derivation from a public MAC address\u2014is straightforward. An attacker only needs to identify a target device\u2019s MAC address, calculate the administrative credentials using the disclosed algorithm, and then authenticate to gain full device access. The flaw remains exploitable until the firmware is updated or remote management is otherwise disabled."}}}}, "created": "2026-03-20T08:58:04.533449+00:00", "title": "Deterministic Credential Generation Exposes Administrative Credentials in Sercomm SCE4255W Small Cell", "updated": "2026-03-25T11:51:41.583925+00:00", "vendors": ["freedomfi", "freedomfi$PRODUCT$sercomm_sce4255w"]}