PT-2025-32367 · Eg4 Electronics · Eg4 12000Xp+6
Anthony Rose
·
Published
2025-08-08
·
Updated
2025-08-08
·
CVE-2025-47872
CVSS v3.1
5.8
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
The product name cannot be determined. (affected versions not specified)
Description
The public-facing product registration endpoint server responds differently based on the status of the serial number (
S/N) – whether it is valid and unregistered, valid but already registered, or nonexistent in the database. This, combined with the sequential assignment of serial numbers, allows an attacker to gather information about the product registration status of different serial numbers.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Side Channel Attack
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Eg4 12000Xp
Eg4 12Kpv
Eg4 18Kpv
Eg4 6000Xp
Eg4 Flex 18
Eg4 Flex 21
Eg4 Gridboss