PT-2025-34785 · Kapsch Trafficcom · Ris-9260+1
Gainsec
+1
·
Published
2025-08-26
·
Updated
2025-10-22
·
CVE-2025-25737
CVSS v3.1
6.8
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28
Description:
The Kapsch TrafficCom RIS-9160 and RIS-9260 Roadside Units (RSUs) lack secure password requirements for the BIOS Supervisor and User accounts. This allows attackers to bypass authentication through a bruteforce attack.
Recommendations:
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) version 3.2.0.829.23: Implement strong password policies for BIOS Supervisor and User accounts.
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) version 3.8.0.1119.42: Implement strong password policies for BIOS Supervisor and User accounts.
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) version 4.6.0.1211.28: Implement strong password policies for BIOS Supervisor and User accounts.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ris-9160
Ris-9260