CVE-2026-25803
3DP-MANAGER · 3DP-MANAGER
3DP-MANAGER automatically creates an administrative account with default credentials (admin/admin) upon initialization. Attackers can use these credentials to gain full control over VPN and system settings.
Executive summary
The use of hardcoded default administrative credentials in 3DP-MANAGER allows unauthenticated attackers to gain full control over the application and its VPN management features.
Vulnerability
Upon initial setup, the application creates an account with the well-known credentials "admin/admin". Any unauthenticated attacker with network access to the login interface can use these credentials to gain full administrative privileges.
Business impact
A CVSS score of 9.8 reflects the high impact of this flaw. An attacker gaining administrative access can manage VPN tunnels, modify system settings, and potentially intercept or redirect network traffic, leading to a complete breach of the organization's secure communications.
Remediation
Immediate Action: Change the password of the default "admin" account. Plan to update to version 2.0.2 as soon as it is released to address the underlying initialization flaw.
Proactive Monitoring: Check system logs for successful logins using the "admin" account from unexpected IP addresses and review all VPN configuration changes for unauthorized modifications.
Compensating Controls: Implement multi-factor authentication (MFA) if supported, or restrict access to the 3DP-MANAGER login page to a specific administrative management network.
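One way to run the log check described under Proactive Monitoring, as an added example that is not part of the advisory or of 3DP-MANAGER. The log line format, the management network 10.20.0.0/24 and the sample entries are assumptions constructed for illustration; adapt the parser to the format your deployment actually writes.

```python
import ipaddress
import re

# Assumption: only this management network should reach the login page.
MGMT_NETWORKS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: "timestamp event key=value ..." lines; the real format may differ.
FIELD_RE = re.compile(r"(\w+)=(\S+)")

# Constructed sample log, not real 3DP-MANAGER output.
SAMPLE_LOG = """\
2026-02-03T09:14:55Z auth result=success user=admin src=10.20.0.15
2026-02-03T09:20:00Z vpn action=tunnel_modify user=admin src=10.20.0.15
2026-02-03T11:02:10Z auth result=failure user=admin src=203.0.113.7
2026-02-03T11:02:14Z auth result=success user=admin src=203.0.113.7
2026-02-03T11:06:01Z vpn action=tunnel_modify user=admin src=203.0.113.7
2026-02-03T12:00:00Z auth result=success user=admin src=not-an-ip
"""

def parse(line):
    parts = line.split(None, 2)
    if len(parts) < 3:
        return None  # malformed line, skipped by the caller
    ts, event, rest = parts
    return ts, event, dict(FIELD_RE.findall(rest))

def is_expected(src, networks):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # missing or unparseable source counts as unexpected
    return any(addr in net for net in networks)

def review(log_text, networks=MGMT_NETWORKS, account="admin"):
    """Return (unexpected admin logins, VPN changes made from those sources)."""
    logins, changes, flagged = [], [], set()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, event, f = rec
        src = f.get("src", "")
        if f.get("user") != account:
            continue
        if event == "auth" and f.get("result") == "success" and not is_expected(src, networks):
            logins.append((ts, src))
            flagged.add(src)
        elif event == "vpn" and src in flagged:
            changes.append((ts, f.get("action"), src))
    return logins, changes
```

Calling `review(SAMPLE_LOG)` returns the admin logins from outside the management network and the VPN changes later made from those same sources, which are the entries to review first.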
Exploitation status
Public Exploit Available: No
Analyst recommendation
The presence of default credentials on an internet-facing management tool is a critical security failure. Administrators must change the default password immediately and update the software to version 2.0.2 upon release to secure the deployment.