CVE-2025-0626

HIGH Year: 2025
CVSS v3 Score
7.5
High
Weakness Type
CWE-912
View all →

Vulnerability Description

The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to update the device from the user menu. This could serve as a backdoor to the device, and could lead to a malicious actor being able to upload and overwrite files on the device.

Related Vulnerabilities

CVE-2024-22044

HIGH
CVSS:7.5(High)

A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (All versions). Affected devices expose an unused, unstable http service at port 80/tcp on the Modbus-...

CWE-9122024

CVE-2025-0675

HIGH
CVSS:7.5(High)

Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure.

CWE-9122025

CVE-2017-20083

HIGH
CVSS:7.8(High)

A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to b...

CWE-9122017

CVE-2017-20084

HIGH
CVSS:7.8(High)

A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832 and classified as critical. Affected by this vulnerability is an unknown functionality of the component KNX Group Addre...

CWE-9122017

CVE-2022-36429

HIGH
CVSS:7.2(High)

A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execut...

CWE-9122022

CVE-2023-25183

HIGH
CVSS:7.2(High)

In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device.

CWE-9122023