CVE-2025-61235

CVSS v3.1

9.1

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Dataphone A920 version 2025.07.161103

Description A crafted packet, based on public documentation, can be sent to the device. Normally, the device should reject packets with arbitrary or trivial data in certain fields. However, due to insufficient validation, the device accepts these packets without authentication and triggers functionality.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2025-61235

Affected Products

Dataphone A920

CVE-2025-61235

Weakness Enumeration

Related Identifiers

Affected Products

References · 5