CVE-2026-33037 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: March 20, 2026
WWBN AVideo - Authentication Bypass
Overview
WWBN AVideo <= 25.0 contains a broken authentication caused by default weak admin and database passwords in Docker deployment files, letting attackers gain full admin access, exploit requires default passwords unchanged.
Severity & Score
Impact
Attackers can gain full admin access, exposing user data, manipulating content, and potentially executing remote code.
Mitigation
Update to version 26.0 or later and change default passwords.
References
Social Media Activity(2 posts)
š CVE-2026-33037 - High (8.1) WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files (docker-compose.yml, env.example) ship with the admin password set to "password", which is automatically used to seed the admin account ... š https://www.thehackerwire.com/vulnerability/CVE-2026-33037/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postš CVE-2026-33037 - High (8.1) WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files (docker-compose.yml, env.example) ship with the admin password set to "password", which is automatically used to seed the admin account ... š https://www.thehackerwire.com/vulnerability/CVE-2026-33037/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-33037
- Severity
- High
- CVSS Score
- 8.1
- Type
- broken_authentication
- Status
- unconfirmed
- EPSS
- 23.0%
- Social Posts
- 2
CWE
- CWE-1188
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H