Home

Description

An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates.

PUBLISHED Reserved 2025-04-16 | Published 2026-03-09 | Updated 2026-03-09 | Assigner CERTVDE




MEDIUM: 6.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-328 Use of Weak Hash

Product status

Default status
unaffected

0.0.0 (semver) before 6.0.1.0
affected

Default status
unaffected

0.0.0 (semver) before 6.0.1.0
affected

Default status
unaffected

0.0.0 (semver) before 6.0.1.0
affected

Credits

Adrien Rey from Cyber Defense Campus Zurich finder

Daniel Hulliger from Armasuisse finder

References

www.mbs-solutions.de/mbs-2025-0001

cve.org (CVE-2025-41762)

nvd.nist.gov (CVE-2025-41762)

Download JSON