CVE-2025-63218

Name of the Vulnerable Software and Affected Versions Axel Technology WOLF1MS and WOLF2MS versions 0.8.5 through 1.0.3

Description The devices are subject to Broken Access Control because of a lack of authentication on the /cgi-bin/gstFcgi.fcgi API endpoint. This allows unauthenticated remote attackers to perform actions such as listing user accounts, creating new administrative users, deleting users, and modifying system settings, potentially leading to a full compromise of the device.

Recommendations Versions 0.8.5 through 1.0.3 should be updated to a newer version that contains a fix for this vulnerability.