CVE-2026-9142 in grpc-device

Summary

by MITRE • 06/19/2026

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions.


Analysis

by VulDB Data Team • 06/19/2026

The insecure default credentials vulnerability in NI grpc-device is a critical security flaw rooted in weak authentication of a network service. It manifests specifically when the gRPC server is configured without Transport Layer Security (TLS) and is bound to network interfaces beyond the loopback address. The flaw allows unauthenticated attackers to reach the server from within the local network, creating a significant attack surface that can be exploited by malicious actors. The vulnerability affects all versions of NI grpc-device up to and including version 2.17.0, indicating a long-standing issue that has not been adequately addressed in the software lifecycle.

Technically, the vulnerability stems from default configuration practices that prioritize ease of deployment over security. When TLS is not configured, the communication channel becomes susceptible to interception and manipulation, while binding the server beyond loopback addresses exposes it to network-based attacks. The insecure default credentials typically involve hardcoded usernames and passwords that remain unchanged from the factory settings, providing attackers with readily available access credentials. This design flaw aligns with CWE-798, which identifies the use of hard-coded credentials as a significant security risk, and represents a classic example of insecure default configuration that violates fundamental security principles.

The operational impact of this vulnerability extends beyond simple unauthorized access, potentially enabling attackers to execute arbitrary commands, modify device configurations, or exfiltrate sensitive data from the network. Since the vulnerability allows access from within the local network, it can be exploited by attackers who have already gained access to the network through other means such as phishing attacks, compromised credentials, or network reconnaissance. The attack surface becomes particularly concerning in industrial control systems or automated environments where NI grpc-device may be used for critical operations, as unauthorized access could lead to operational disruptions or safety hazards. This vulnerability also aligns with ATT&CK technique T1078 which covers valid accounts and credential access, as attackers can leverage these default credentials to establish persistent access to network resources.

Organizations should implement immediate mitigations including mandatory TLS configuration for all gRPC server deployments, binding servers to loopback interfaces when possible, and enforcing strong authentication mechanisms. Regular security assessments should verify that default credentials have been changed and that network configurations follow security best practices. The remediation process should include updating to the latest version of NI grpc-device where the vulnerability has been addressed, implementing network segmentation to limit access to critical services, and establishing monitoring procedures to detect unauthorized access attempts. Security teams should also consider implementing privilege separation and least-privilege access controls to minimize the potential impact of credential compromise. Additionally, organizations should conduct comprehensive vulnerability assessments to identify other systems that may be similarly affected by insecure default configurations, as this represents a widespread pattern of security misconfigurations that require systematic remediation across network infrastructure.
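As an added example that is not part of this advisory or of the NI project's code, the following audit check encodes the condition the advisory describes (no TLS present and a bind beyond loopback) so a deployment's server configuration can be screened before it goes on the network. The server_config.json field layout used here (address, port, security.server_cert/server_key/root_cert) is an assumption for the example; check it against your deployment.

```python
import ipaddress
import json

# Constructed sample configs for this example. The field layout is an
# assumption about grpc-device's server_config.json, not taken from the advisory.
WEAK_CONFIG = json.dumps({
    "address": "0.0.0.0", "port": 31763,
    "security": {"server_cert": "", "server_key": "", "root_cert": ""},
})
HARDENED_CONFIG = json.dumps({
    "address": "0.0.0.0", "port": 31763,
    "security": {"server_cert": "server.crt", "server_key": "server.key", "root_cert": "ca.crt"},
})
LOOPBACK_PLAINTEXT_CONFIG = json.dumps({
    "address": "[::1]", "port": 31763,
    "security": {"server_cert": "", "server_key": "", "root_cert": ""},
})

def is_loopback_bind(address: str) -> bool:
    """True only when the bind address keeps the listener on this host."""
    addr = address.strip().strip("[]")          # gRPC-style "[::1]" -> "::1"
    if addr.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False                            # hostname: assume reachable, review by hand
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped                     # "::ffff:127.0.0.1" -> 127.0.0.1
    # 0.0.0.0 and :: mean "all interfaces" and are never loopback.
    return ip.is_loopback and not ip.is_unspecified

def tls_configured(security: dict) -> bool:
    """Server-side TLS needs at least a certificate and its private key."""
    return bool(security.get("server_cert")) and bool(security.get("server_key"))

def audit_server_config(config_json: str) -> list:
    """Return findings; a CRITICAL entry means the CVE-2026-9142 condition holds."""
    cfg = json.loads(config_json)
    security = cfg.get("security") or {}
    exposed = not is_loopback_bind(str(cfg.get("address", "")))
    findings = []
    if exposed and not tls_configured(security):
        findings.append("CRITICAL: no TLS and bound beyond loopback (CVE-2026-9142 pattern)")
    elif exposed:
        findings.append("INFO: bound beyond loopback with TLS configured")
        if not security.get("root_cert"):
            findings.append("WARN: no root_cert, so client certificates cannot be required (no mTLS)")
    elif not tls_configured(security):
        findings.append("INFO: plaintext, but the listener is loopback-only")
    return findings
```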

Reservation: 05/20/2026
Disclosure: 06/19/2026
Moderation: accepted
CPE: ready
EPSS: 0.00000
KEV: no
Activities: very low
