CVE-2025-28233 | THREATINT

Description

Incorrect access control in BW Broadcast TX600 (14980), TX300 (32990) (31448), TX150, TX1000, TX30, and TX50 Hardware Version: 2, Software Version: 1.6.0, Control Version: 1.0, AIO Firmware Version: 1.7 allows attackers to access log files and extract session identifiers to execute a session hijacking attack.

PUBLISHED Reserved 2025-03-11 | Published 2025-04-18 | Updated 2025-04-22 | Assigner mitre

References

github.com/...ulnerability-research/tree/main/CVE-2025-28233 exploit

github.com/...ulnerability-research/tree/main/CVE-2025-28233

cve.org (CVE-2025-28233)

nvd.nist.gov (CVE-2025-28233)

Download JSON