PT-2025-17323 · Bw Broadcast · Tx300+5
Mohamed Shahat · Published 2025-04-18 · Updated 2025-04-22 · CVE-2025-28233
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
BW Broadcast TX600 version 1.6.0
BW Broadcast TX300 version 1.6.0
BW Broadcast TX150 version 1.6.0
BW Broadcast TX1000 version 1.6.0
BW Broadcast TX30 version 1.6.0
BW Broadcast TX50 version 1.6.0
Description
Incorrect access control allows attackers to access log files and extract session identifiers from them. This can lead to a session hijacking attack.
Recommendations
For BW Broadcast TX600 version 1.6.0, update the software to a version that includes the necessary access control fixes.
For BW Broadcast TX300 version 1.6.0, update the software to a version that includes the necessary access control fixes.
For BW Broadcast TX150 version 1.6.0, update the software to a version that includes the necessary access control fixes.
For BW Broadcast TX1000 version 1.6.0, update the software to a version that includes the necessary access control fixes.
For BW Broadcast TX30 version 1.6.0, update the software to a version that includes the necessary access control fixes.
For BW Broadcast TX50 version 1.6.0, update the software to a version that includes the necessary access control fixes.
Exploit
Fix
Improper Access Control
Affected Products
Tx1000
Tx150
Tx30
Tx300
Tx50
Tx600