CVE-2025-2772
BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability
BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within /cgi-bin/tools_usermanage.asp. The issue results from transmitting a list of users and their credentials to be handled on the client side. An attacker can leverage this vulnerability to disclose transported credentials, leading to further compromise. Was ZDI-CAN-25895.
Reserved 2025-03-24 | Published 2025-04-23 | Updated 2025-04-23 | Assigner zdiCWE-522: Insufficiently Protected Credentials
www.zerodayinitiative.com/advisories/ZDI-25-185/ (ZDI-25-185)
Support options
