CVE-2025-36729 | THREATINT

Description

A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This vulnerability also allows the user to give themselves shell access with the root gid.

PUBLISHED Reserved 2025-04-15 | Published 2025-08-26 | Updated 2025-09-05 | Assigner tenable

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-269 Improper Privilege Management

Product status

Default status

unaffected

4.0

affected

Credits

Derrie Sutton finder

Giulio Lyons finder

References

www.tenable.com/security/research/tra-2025-25

cve.org (CVE-2025-36729)

nvd.nist.gov (CVE-2025-36729)

Download JSON