PT-2025-44328 · Unknown · Dataphone A920
Published
2025-10-29
·
Updated
2025-10-29
·
CVE-2025-61234
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Dataphone A920 version 2025.07.161103
Description
A flaw in access control on Dataphone A920 version 2025.07.161103 allows unauthorized interaction with the device. A service running on port
8888 is exposed on the local network without requiring authentication. An attacker can connect to the device via a TCP socket without providing credentials. Sending an HTTP request to the service on port 8888 results in an error response that reveals functionality details, headers identifying Paytef dataphone packets, and the build version.Recommendations
Apply any available updates to address the access control issue on Dataphone A920 version 2025.07.161103.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dataphone A920