Home
CRITICAL: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDefault status
unaffected
0.0.0 (semver) before 3.6.32
affected
Default status
unaffected
0.0.0 (semver) before 3.6.32
affected
Default status
unaffected
0.0.0 (semver) before 3.5.36
affected
Default status
unaffected
0.0.0 (semver) before 3.5.36
affected
Default status
unaffected
0.0.0 (semver) before 3.5.36
affected
Default status
unaffected
0.0.0 (semver) before 3.5.36
affected
Default status
unaffected
0.0.0 (semver) before 3.5.36
affected
Default status
unaffected
0.0.0 (semver) before 3.3.34
affected
Default status
unaffected
0.0.0 (semver) before 3.3.34
affected
Default status
unaffected
0.0.0 (semver) before 3.4.32
affected
Default status
unaffected
0.0.0 (semver) before 3.4.32
affected
Default status
unaffected
0.0.0 (semver) before 3.4.40
affected
Default status
unaffected
0.0.0 (semver) before 3.4.40
affected
Description
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise.
Problem types
CWE-306 Missing Authentication for Critical Function
Product status
0.0.0 (semver) before 3.6.32
0.0.0 (semver) before 3.6.32
0.0.0 (semver) before 3.5.36
0.0.0 (semver) before 3.5.36
0.0.0 (semver) before 3.5.36
0.0.0 (semver) before 3.5.36
0.0.0 (semver) before 3.5.36
0.0.0 (semver) before 3.3.34
0.0.0 (semver) before 3.3.34
0.0.0 (semver) before 3.4.32
0.0.0 (semver) before 3.4.32
0.0.0 (semver) before 3.4.40
0.0.0 (semver) before 3.4.40
References
certvde.com/en/advisories/VDE-2025-044/