Home

Description

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device.

PUBLISHED Reserved 2025-04-16 | Published 2025-12-09 | Updated 2025-12-09 | Assigner CERTVDE




MEDIUM: 4.6CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-798 Use of Hard-coded Credentials

Product status

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Credits

D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube finder

References

certvde.com/de/advisories/VDE-2025-071

cve.org (CVE-2025-41696)

nvd.nist.gov (CVE-2025-41696)

Download JSON