An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.
Exploit
CVE-2026-35075
VulnCheck
Refer to CVE-2026-35075 NVD advisory