
Description

A low-privileged remote attacker can corrupt the web server's user storage on the device by setting a sequence of unsupported characters, which leads to the deletion of all previously configured users and the creation of the default Administrator with a known default password.

PUBLISHED Reserved 2025-04-16 | Published 2025-10-22 | Updated 2025-10-22 | Assigner CERTVDE




HIGH: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-1286: Improper Validation of Syntactic Correctness of Input

Product status

Default status
unaffected

0.0.0 (semver) before Firmware v3.2.0
affected

Default status
unaffected

0.0.0 (semver) before Firmware v3.2.0
affected

Default status
unaffected

0.0.0 (semver) before Firmware v3.2.0
affected

Default status
unaffected

0.0 (semver) before Firmware v6.0
affected

Default status
unaffected

0.0 (semver) before Firmware v6.0
affected

Default status
unaffected

0.0 (semver) before Firmware v6.0
affected

Credits

Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse (finder)

References

sauter.csaf-tp.certvde.com/...f/white/2025/vde-2025-060.json

cve.org (CVE-2025-41719)

nvd.nist.gov (CVE-2025-41719)
