CVE-2025-11126
published 2025-09-29


Priority: P260 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.60% (44.2th percentile)
A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The manipulation results in hard-coded credentials. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Affected

1 range
Vendor | Product | Version range | Fixed in
apeman | id71 | - | -

Detection & IOCs (extracted from sources)

ip: 218.53.203.117
path: /system/www/system.ini
  • The vulnerable file /system/www/system.ini on Apeman ID71 devices contains hard-coded credentials; network-accessible retrieval of this file indicates exploitation of CVE-2025-11126.
  • Monitor for unauthenticated remote HTTP requests targeting /system/www/system.ini on Apeman ID71 camera devices, which may indicate credential harvesting attempts.
  • All firmware versions of Apeman ID71 are affected (vers:all/*); there is no patched version available as the vendor did not respond to disclosure.
  • The vendor has not provided a fix; CISA advises isolating devices from the internet and placing them behind firewalls as the only available mitigation.

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v4.0 | 8.9 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C