CVE-2025-6526

Name of the Vulnerable Software and Affected Versions: 70mai M300 versions up to 20250611

Description: A problematic issue has been found in the HTTP Server component, leading to insufficiently protected credentials. The attack can only be done within the local network and has a high complexity, making exploitation difficult. The exploit has been disclosed to the public.

Recommendations: For 70mai M300 versions up to 20250611, consider restricting access to the HTTP Server component to minimize the risk of exploitation. As a temporary workaround, avoid using the device on untrusted networks until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.