CVE-2025-35042

Airship · Airship AI Acropolis

Executive summary

A critical vulnerability exists in Airship AI Acropolis due to a static, default administrative account credential shared across all installations. An attacker who knows this default password can gain complete administrative control over any unpatched or improperly configured system, leading to a full system compromise. This allows for potential data theft, operational disruption, and unauthorized access to sensitive surveillance and analytics data.

Vulnerability

The Airship AI Acropolis platform is shipped with a built-in administrative account that uses a hardcoded, non-unique password. This means the same username and password combination grants administrative access to every instance of the software by default. An attacker with knowledge of these credentials can directly log into the administrative interface of any exposed system without needing to bypass any other security mechanisms, granting them the highest level of privilege.

Business impact

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation would grant an attacker complete control over the Airship AI Acropolis platform. The consequences include the ability to view, alter, or delete sensitive data (such as video surveillance feeds), disable security monitoring, create new administrative users, and potentially use the compromised system as a pivot point to attack other resources on the internal network. This poses a severe risk to data confidentiality, integrity, and availability, and could lead to significant operational disruption and reputational damage.

Remediation

Immediate Action: Identify all instances of Airship AI Acropolis and change the password for the default administrative account to a unique, complex value. If the vendor has released a patch that forces a password change upon first login or removes the default account, update to the latest version as soon as possible. After changing credentials, review all access logs for any previous unauthorized logins using the default account.

Proactive Monitoring: Security teams should actively monitor for any successful login events using the default administrative username from untrusted or unexpected IP addresses. Furthermore, monitor for unusual administrative activities, such as the creation of new accounts, unexpected configuration changes, or large data transfers originating from the Acropolis platform. Configure alerts for any of these suspicious activities.

Compensating Controls: If patching or changing the password is not immediately possible, implement network segmentation to restrict access to the product's management interface. Limit connectivity to a small set of trusted IP addresses or a dedicated management network. If applicable, place a Web Application Firewall (WAF) in front of the application to filter and block malicious login attempts from unknown sources.
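The monitoring guidance above can be expressed as a small log-review script. This is an added example, not vendor code: the JSON-lines event format, the field names (`ts`, `event`, `user`, `src_ip`), the account name placeholder and the management network range are all assumptions to be mapped onto whatever your deployment actually logs.

```python
import ipaddress
import json

# Assumptions (not from the advisory): JSON-lines audit events with fields
# ts, event, user, src_ip; account name and network below are placeholders.
DEFAULT_ADMIN = "default-admin-placeholder"
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # management network
SENSITIVE = {"user_created", "config_changed"}

# Constructed sample events, for illustration only.
SAMPLE_LOG = """\
{"ts": "2025-01-01T08:00:00Z", "event": "login_success", "user": "default-admin-placeholder", "src_ip": "10.20.0.15"}
{"ts": "2025-01-01T09:12:41Z", "event": "login_failure", "user": "default-admin-placeholder", "src_ip": "203.0.113.44"}
{"ts": "2025-01-01T09:12:55Z", "event": "login_success", "user": "default-admin-placeholder", "src_ip": "203.0.113.44"}
{"ts": "2025-01-01T09:14:02Z", "event": "user_created", "user": "default-admin-placeholder", "src_ip": "203.0.113.44"}
{"ts": "2025-01-01T09:20:00Z", "event": "config_changed", "user": "operator1", "src_ip": "10.20.0.15"}
not-json garbage line
"""

def is_trusted(ip_text):
    """True only if the source address parses and sits in a trusted network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # a missing or unparseable source is treated as untrusted
    return any(ip in net for net in TRUSTED_NETS)

def find_alerts(log_text):
    """Return (rule, ts, src_ip) tuples for events an analyst should review."""
    alerts, flagged_ips = [], set()
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the review
        if not isinstance(ev, dict):
            continue
        src, kind = ev.get("src_ip", ""), ev.get("event")
        if kind == "login_success" and ev.get("user") == DEFAULT_ADMIN and not is_trusted(src):
            alerts.append(("default_admin_login_untrusted_ip", ev.get("ts"), src))
            flagged_ips.add(src)
        elif kind in SENSITIVE and src in flagged_ips:
            # Account creation or config change from an already-flagged source
            alerts.append(("admin_action_after_suspect_login", ev.get("ts"), src))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

The same two rules translate directly into SIEM alert conditions once the field names are mapped; a login by the default account from inside the management network is deliberately not alerted on here, but still deserves review until the password has been changed.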

Exploitation status

Public Exploit Available: true

Analyst recommendation

Given the critical CVSS score of 9.8 and the trivial nature of exploitation, this vulnerability requires immediate attention. The highest priority is to identify all deployed instances of Airship AI Acropolis and immediately change the default administrative password. Although this CVE is not currently listed on the CISA KEV list, its severity and the high likelihood of future exploitation make it a critical priority for remediation. Organizations must assume that the default credentials are publicly known and act swiftly to mitigate this risk.