Cisco has released urgent fixes to a critical vulnerability affecting an emergency communication system used to track callers’ location in real time. A developer inadvertently hard-coded credentials in Cisco Emergency Responder tracking and routing software, opening up a permanent backdoor for potential unauthenticated attackers.

At some point in the development cycle, static user credentials for the root account were added to the code but never removed. The credentials cannot be changed or deleted, giving attackers continuous access to the system.