CVE-2025-2398

Name of the Vulnerable Software and Affected Versions China Mobile P22g-CIac versions up to 20250305 ZXWT-MIG-P4G4V versions up to 20250305 ZXWT-MIG-P8G8V versions up to 20250305 GT3200-4G4P versions up to 20250305 GT3200-8G8P versions up to 20250305

Description A critical issue affects the component CLI su Command Handler, leading to the use of default credentials. The attack may be initiated remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For China Mobile P22g-CIac versions up to 20250305, consider disabling the CLI su Command Handler component until a patch is available. For ZXWT-MIG-P4G4V versions up to 20250305, restrict access to the CLI su Command Handler component to minimize the risk of exploitation. For ZXWT-MIG-P8G8V versions up to 20250305, avoid using default credentials in the CLI su Command Handler component until the issue is resolved. For GT3200-4G4P versions up to 20250305, temporarily disable the CLI su Command Handler component to prevent remote attacks. For GT3200-8G8P versions up to 20250305, apply configuration changes to prevent the use of default credentials in the CLI su Command Handler component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.