CVE-2025-20620

Name of the Vulnerable Software and Affected Versions STEALTHONE D220/D340 versions up to 6.03.02

Description A SQL Injection vulnerability exists in the STEALTHONE D220/D340, allowing an attacker who can access the affected product to obtain the administrative password of the web management page. This issue is related to the lack of protection measures for the SQL query structure, which can be exploited by a remote attacker to gain unauthorized access to protected information.

Recommendations For STEALTHONE D220/D340 versions up to 6.03.02, consider disabling access to the web management page until a patch is available. Restrict access to the administrative password to minimize the risk of exploitation. Avoid using the web management page for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.