PT-2025-47409 · Itel · Itel Dab Gateway

Published: 2025-11-18 · Updated: 2025-11-19 · CVE-2025-63216

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Itel DAB Gateway versions c041640a

Description

The Itel DAB Gateway is susceptible to an authentication bypass due to inadequate JWT (JSON Web Token) validation. An attacker can exploit this by reusing a valid JWT token acquired from one device to authenticate and obtain administrative access to any other device running the same firmware, regardless of differing passwords or network configurations. This allows for complete compromise of the affected devices. JWT is a standard for securely transmitting information between parties as a JSON object.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
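
The cross-device reuse described above, next to a validator that binds each token to one device. This is an added example, not Itel's code; it assumes the weakness is a signing secret shared by every firmware image with no device binding, and all names, keys and device IDs are constructed.

```python
import base64, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue(key: bytes, device_id: str, user: str, ttl: int = 300) -> str:
    """Mint an HS256 token whose audience is the issuing device."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "aud": device_id, "exp": int(time.time()) + ttl}
    signing_input = f"{header}.{_b64(json.dumps(claims).encode())}"
    return f"{signing_input}.{_b64(_sign(key, signing_input))}"

def verify(token: str, key: bytes, device_id: str, bind_audience: bool = True) -> bool:
    """Check signature, expiry and (unless disabled) that the token names this device."""
    try:
        header, body, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return False  # pin the algorithm instead of trusting the header
        if not hmac.compare_digest(_sign(key, f"{header}.{body}"), _unb64(sig)):
            return False
        claims = json.loads(_unb64(body))
        bound = claims.get("aud") == device_id or not bind_audience
        return claims.get("exp", 0) > time.time() and bound
    except (ValueError, TypeError, AttributeError):
        return False

# Constructed keys: SHARED models the assumed flaw (one secret in every image);
SHARED = b"firmware-wide-secret"
KEY_A = hashlib.sha256(b"constructed-seed-A").digest()  # per-device secrets
KEY_B = hashlib.sha256(b"constructed-seed-B").digest()

def demo() -> dict:
    weak = issue(SHARED, "gw-A", "admin")
    strong = issue(KEY_A, "gw-A", "admin")
    return {
        "shared key, no audience check, replayed on gw-B": verify(weak, SHARED, "gw-B", False),
        "shared key, audience check, replayed on gw-B": verify(weak, SHARED, "gw-B"),
        "per-device key, replayed on gw-B": verify(strong, KEY_B, "gw-B"),
        "per-device key, used on gw-A": verify(strong, KEY_A, "gw-A"),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the first case accepts a token on a device that did not issue it; either a per-device key or an enforced audience claim is enough to reject the replay.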

Exploit

Weakness Enumeration: Improper Authentication; Session Fixation

Related Identifiers: CVE-2025-63216

Affected Products: Itel Dab Gateway