PT-2025-48772 · Unknown · Longwatch Devices
Published
2025-11-18
·
Updated
2026-01-08
·
CVE-2025-13658
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Longwatch version 6.309
Description
A flaw in Longwatch devices permits unauthenticated HTTP GET requests to execute arbitrary code through an exposed endpoint. This is due to the lack of code signing and execution controls, leading to SYSTEM-level privileges. The issue allows for unauthenticated remote code execution.
Recommendations
Segment and monitor Longwatch devices.
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Longwatch Devices