CVE-2025-6530

Name of the Vulnerable Software and Affected Versions: 70mai M300 up to 20250611

Description: A vulnerability was found in the Telnet Service component, affecting an unknown part of the file demo.sh. The manipulation leads to denial of service. Access to the local network is required for this attack. The complexity of an attack is rather high, and the exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations: For 70mai M300 up to 20250611, as a temporary workaround, consider disabling the Telnet Service until a patch is available. Restrict access to the local network to minimize the risk of exploitation. Avoid using the demo.sh file in the Telnet Service component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.