Home

Description

E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the underlying OS.

PUBLISHED Reserved 2025-06-17 | Published 2025-09-02 | Updated 2025-09-02 | Assigner Armis




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-1242

Product status

Default status
affected

Any version before 2.31F01
affected

Credits

Armis Labs finder

References

www.armis.com/research/frostbyte10/

cve.org (CVE-2025-52548)

nvd.nist.gov (CVE-2025-52548)

Download JSON