CVE-2025-41653 | THREATINT

Description

An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive.

Reserved 2025-04-16 | Published 2025-05-27 | Updated 2025-05-27 | Assigner CERTVDE

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-410 Insufficient Resource Pool

Product status

Default status

unaffected

0.0.0 before 3.6.32

affected

Default status

unaffected

0.0.0 before 3.6.32

affected

Default status

unaffected

0.0.0 before 3.5.36

affected

Default status

unaffected

0.0.0 before 3.5.36

affected

Default status

unaffected

0.0.0 before 3.5.36

affected

Default status

unaffected

0.0.0 before 3.5.36

affected

Default status

unaffected

0.0.0 before 3.5.36

affected

Default status

unaffected

0.0.0 before 3.3.34

affected

Default status

unaffected

0.0.0 before 3.3.34

affected

Default status

unaffected

0.0.0 before 3.4.32

affected

Default status

unaffected

0.0.0 before 3.4.32

affected

Default status

unaffected

0.0.0 before 3.4.40

affected

Default status

unaffected

0.0.0 before 3.4.40

affected

References

certvde.com/en/advisories/VDE-2025-044/

cve.org (CVE-2025-41653)

nvd.nist.gov (CVE-2025-41653)

Download JSON