Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
Glory RBG-100 Systems Expose Sensitive Login Credentials
CVE-2026-23647
Summary
The Glory RBG-100 system, which uses the ISPK-08 software, stores its login information in plain text, allowing anyone with network access to log in as an administrator without a password. This puts the entire system at risk of unauthorized access and potential compromise. To protect your system, update the ISPK-08 software to a version that doesn't store credentials in plain text.
Original title
Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local u...
Original description
Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local user accounts, including accounts with administrative privileges, were found to have fixed, embedded passwords. An attacker with network access to exposed services such as SSH may authenticate using these credentials and gain unauthorized access to the system. Successful exploitation allows remote access with elevated privileges and may result in full system compromise.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-798
Use of Hard-coded Credentials
Published: 17 Feb 2026 · Updated: 14 Mar 2026 · First seen: 6 Mar 2026