PT-2025-38759 · 2Wcom · 2Wcom Ip-4C
Published: 2025-09-22 · Updated: 2025-10-10
CVE-2025-57438
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
2wcom IP-4c version 2.15.5
Description
The 2wcom IP-4c device version 2.15.5 is subject to a Broken Access Control issue. Manager-level users can bypass intended access restrictions on sensitive endpoints by intercepting and modifying requests. This occurs despite the expectation that admin-level authorization is required for access.
Recommendations
Apply access controls to restrict manager-level user access to sensitive endpoints.
Exploit
Fix
Improper Access Control
Improper Authorization
Related Identifiers
Affected Products
2Wcom Ip-4C