CVE-2025-5437 | THREATINT

Description

A vulnerability classified as critical has been found in Multilaser Sirius RE016 MLT1.0. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Password Change Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Es wurde eine kritische Schwachstelle in Multilaser Sirius RE016 MLT1.0 entdeckt. Es betrifft eine unbekannte Funktion der Datei /cgi-bin/cstecgi.cgi der Komponente Password Change Handler. Durch das Beeinflussen mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-06-01 | Published 2025-06-02 | Updated 2025-06-02 | Assigner VulDB

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

MEDIUM: 5.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.0AV:N/AC:L/Au:N/C:N/I:P/A:N

Problem types

Improper Authentication

Product status

MLT1.0

affected

Timeline

2025-06-01:	Advisory disclosed
2025-06-01:	VulDB entry created
2025-06-01:	VulDB entry last update

Credits

DefaultCh40s (VulDB User) reporter

References

vuldb.com/?id.310770 (VDB-310770 | Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication) vdb-entry

vuldb.com/?ctiid.310770 (VDB-310770 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.584325 (Submit #584325 | Multilaser Sirius RE016 MLT1.0 Authentication Bypass) third-party-advisory

github.com/DefaultCh40s/RE016/blob/main/re016.py exploit

cve.org (CVE-2025-5437)

nvd.nist.gov (CVE-2025-5437)

Download JSON