CVE-2025-36754

Name of the Vulnerable Software and Affected Versions versions prior to 2025 (affected versions not specified)

Description The authentication mechanism on the web interface is flawed, allowing bypass of authentication checks through crafted POST requests with new settings. This is due to the absence of session tokens or authentication measures. An attacker could redirect the device to an arbitrary address for domain name resolution, potentially enabling a man-in-the-middle (MitM) attack. The vulnerability involves crafting a POST request to manipulate settings without proper authentication.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.