PT-2025-36367 · Ax10 +1

Byteray · Published 2025-09-06 · Updated 2025-09-07 · CVE-2025-9961

CVSS v4.0: 8.6

Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions:

AX10 versions prior to 1.2.1

AX10 version V1

AX10 version V1.2

AX10 version V2

AX10 version V2.6

AX10 version V3

AX10 version V3.6

AX1500 versions prior to 1.3.11

AX1500 version V1

AX1500 version V1.20

AX1500 version V1.26

AX1500 version V1.60

AX1500 version V1.80

AX1500 version V2.60

AX1500 version V3.6

Description:

An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the affected devices. The exploit requires a Man-In-The-Middle (MITM) attack.

Recommendations:

Update AX10 to version 1.2.1 or later.

Update AX1500 to version 1.3.11 or later.

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-9961

Affected Products

Ax10
Ax1500