PT-2025-3794 · Provision Isr · Provision-Isr Sh-4050A-2+5

Netsecfish · Published 2025-01-05 · Updated 2025-01-06 · CVE-2025-0224

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Provision-ISR SH-4050A-2
Provision-ISR SH-4100A-2L(MM)
Provision-ISR SH-8100A-2L(MM)
Provision-ISR SH-16200A-2(1U)
Provision-ISR SH-16200A-5(1U)
Provision-ISR NVR5-8200PX up to 20241220

Description

A vulnerability was found in Provision-ISR devices, affecting an unknown functionality of the file /server.js. This leads to information disclosure and can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations

For Provision-ISR SH-4050A-2, consider disabling the affected functionality of the file /server.js until a patch is available.
For Provision-ISR SH-4100A-2L(MM), restrict access to the /server.js file to minimize the risk of exploitation.
For Provision-ISR SH-8100A-2L(MM), avoid using the affected functionality of the /server.js file until the issue is resolved.
For Provision-ISR SH-16200A-2(1U), consider temporarily disabling the remote access feature to prevent exploitation.
For Provision-ISR SH-16200A-5(1U), restrict access to the /server.js file to minimize the risk of exploitation.
For Provision-ISR NVR5-8200PX up to 20241220, consider disabling the affected functionality of the file /server.js until a patch is available.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-0224

Affected Products

Provision-Isr Nvr5-8200Px
Provision-Isr Sh-16200A-2
Provision-Isr Sh-16200A-5
Provision-Isr Sh-4050A-2
Provision-Isr Sh-4100A-2L
Provision-Isr Sh-8100A-2L