PT-2025-22346 · Echarge Hardy Barth · Cph2 / Cpp2 Charging Stations
Published 2025-05-21 · Updated 2025-05-21 · CVE-2025-48417
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
The product name cannot be determined.
Description
The issue concerns hard-coded TLS certificates and private keys in the firmware for the web interface, specifically on TCP port 443. An attacker can exploit this by using the private key to perform man-in-the-middle attacks against users of the admin interface. The affected files are located in /etc/ssl, including salia.local.crt, salia.local.key, and salia.local.pem. There is no option to configure custom TLS certificates, making the system vulnerable to such attacks.
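An operator can check which of their own stations present the firmware-baked certificate on TCP port 443. The following is an added example, not code from the vendor or this advisory. The inventory addresses and certificate bytes are constructed stand-ins, and `firmware_pem` is assumed to hold the contents of `salia.local.crt` taken from a firmware image.

```python
import hashlib
import ssl
from collections import defaultdict


def fingerprint(pem):
    """SHA-256 over the DER encoding of a PEM certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def fetch_pem(host, port=443):
    """Fetch the leaf certificate a live device serves, without validating it."""
    return ssl.get_server_certificate((host, port))


def shared_certificates(pem_by_host):
    """Return {fingerprint: [hosts]} for each certificate served by 2+ hosts.

    Distinct devices serving the same certificate also share its private key."""
    groups = defaultdict(list)
    for host, pem in pem_by_host.items():
        groups[fingerprint(pem)].append(host)
    return {fp: sorted(h) for fp, h in groups.items() if len(h) > 1}


def hosts_serving(pem_by_host, firmware_pem):
    """Hosts whose served certificate equals the one shipped in the firmware."""
    want = fingerprint(firmware_pem)
    return sorted(h for h, pem in pem_by_host.items() if fingerprint(pem) == want)


# Constructed sample data: arbitrary bytes in a PEM wrapper, not real
# certificates. In real use: {h: fetch_pem(h) for h in inventory}.
FIRMWARE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed firmware certificate")
UNIQUE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed per-device certificate")
SAMPLE = {
    "192.0.2.10": FIRMWARE_PEM,  # station still on the baked-in certificate
    "192.0.2.11": FIRMWARE_PEM,  # second station, same certificate and key
    "192.0.2.20": UNIQUE_PEM,    # host with its own certificate
}

if __name__ == "__main__":
    for fp, hosts in shared_certificates(SAMPLE).items():
        print("shared certificate", fp[:16], "on", ", ".join(hosts))
    print("serving firmware certificate:", hosts_serving(SAMPLE, FIRMWARE_PEM))
```

Because the advisory states there is no option to install a custom certificate, a match here identifies stations whose admin interface should only be reached over a trusted management network.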
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Cph2 / Cpp2 Charging Stations