CVE-2025-41652 | THREATINT

Description

The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentially compromising the device.

Reserved 2025-04-16 | Published 2025-05-27 | Updated 2025-05-27 | Assigner CERTVDE

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-656 Reliance on Security Through Obscurity

Product status

Default status

unaffected

0.0.0 before 3.6.32

affected

Default status

unaffected

0.0.0 before 3.6.32

affected

Default status

unaffected

0.0.0 before 3.6.32

affected

Default status

unaffected

0.0.0 before 3.5.36

affected

Default status

unaffected

0.0.0 before 3.5.36

affected

Default status

unaffected

0.0.0 before 3.5.36

affected

Default status

unaffected

0.0.0 before 3.5.36

affected

Default status

unaffected

0.0.0 before 3.3.34

affected

Default status

unaffected

0.0.0 before 3.3.34

affected

Default status

unaffected

0.0.0 before 3.4.32

affected

Default status

unaffected

0.0.0 before 3.4.32

affected

Default status

unaffected

0.0.0 before 3.4.40

affected

Default status

unaffected

0.0.0 before 3.4.40

affected

References

certvde.com/en/advisories/VDE-2025-044/

cve.org (CVE-2025-41652)

nvd.nist.gov (CVE-2025-41652)

Download JSON