PT-2025-15126 · Iteaj · Iteaj Iboot
Uglory · Published 2025-04-06 · Updated 2025-04-08 · CVE-2025-3325
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
iteaj iboot IoT gateway (物联网网关) version 1.1.3
Description
An issue was found in the Admin Password Handler component, affecting an unknown part of the file /core/admin/pwd. Manipulation of the ID argument leads to improper access controls and allows remote attacks. The issue has been publicly disclosed.
Recommendations
For iteaj iboot IoT gateway version 1.1.3, consider restricting access to the /core/admin/pwd file and the Admin Password Handler component to minimize the risk of exploitation. As a temporary workaround, avoid using the ID argument in the affected component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Unrestricted File Upload
Improper Access Control
Incorrect Privilege Assignment
Affected Products
Iteaj Iboot