Home

Description

Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-08 | Updated 2025-09-08 | Assigner CERTVDE




HIGH: 7.4CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-319 Cleartext Transmission of Sensitive Information

Product status

Default status
unaffected

0.0.0 (semver)
affected

Default status
unaffected

0.0.0 (semver)
affected

Default status
unaffected

0.0.0 (semver)
affected

Default status
unaffected

0.0.0 (semver)
affected

Default status
unaffected

0.0.0 (semver)
affected

Credits

Dr. Matthias Kesenheimer by SySS GmbH finder

Sebastian Hamann by SySS GmbH finder

References

certvde.com/de/advisories/VDE-2025-084

cve.org (CVE-2025-41708)

nvd.nist.gov (CVE-2025-41708)

Download JSON