PT-2025-15126 · Iteaj · Iteaj Iboot
Uglory
·
Publicado
2025-04-06
·
Atualizado
2025-04-08
·
CVE-2025-3325
CVSS v4.0
5.3
Média
| Vetor | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
iteaj iboot 物联网网关 version 1.1.3
Description
A problematic issue was found in the Admin Password Handler component, affecting an unknown part of the file /core/admin/pwd. The manipulation of the
ID argument leads to improper access controls, allowing for remote attacks. The issue has been publicly disclosed.Recommendations
For iteaj iboot 物联网网关 version 1.1.3, consider restricting access to the /core/admin/pwd file and the Admin Password Handler component to minimize the risk of exploitation. As a temporary workaround, avoid using the
ID argument in the affected component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Correção
Unrestricted File Upload
Improper Access Control
Incorrect Privilege Assignment
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Iteaj Iboot