CVE-2026-8076— Weak credentials vulnerability in the CashDro 3 web administration panel

Weak credentials vulnerability in the CashDro 3 web administration panel

Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed since 2012. This could allow an attacker to easily perform a brute-force attack against a user and gain access by trying different PINs without the account being locked. Successful exploitation of this vulnerability could result in unauthorized access to confidential configuration settings, compromising the security of the system.

N/A

CWE-1391

CashDro 安全漏洞

CashDro是CashDro公司的一款用于门店现金收付与找零自动化管理的智能设备系统。 CashDro 3 24.01.00.26版本存在安全漏洞，该漏洞源于平台允许使用数字PIN进行用户身份验证，支持基于PIN的凭据，可能导致攻击者轻松进行暴力破解攻击，尝试不同PIN而不锁定账户，成功利用可能导致未授权访问机密配置设置。

N/A

N/A