PT-2025-51840 · Netun Solutions · Helpflash Iot

Luis Miranda Acebedo · Published 2025-12-17 · Updated 2026-01-06 · CVE-2025-65855

CVSS v3.1: 6.6 Medium
Vector: AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Netun Solutions HelpFlash IoT version v18 178 221102 ASCII PRO 1R5 50

Description

The over-the-air (OTA) firmware update process in the software does not properly authenticate update servers or validate firmware signatures, and relies on hard-coded WiFi credentials that are consistent across all devices. An attacker with temporary physical access can initiate the OTA update mode by pressing a button for eight seconds. This allows the attacker to establish a malicious WiFi access point using the known credentials and deliver harmful firmware through unauthenticated HTTP, potentially leading to arbitrary code execution on the device. The device is a safety-critical emergency signaling device.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
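
One way to implement the check the description says is missing, given as an added example (not code from Netun Solutions or from this advisory): a device-side gate that refuses cleartext update URLs and verifies an RSA PKCS#1 v1.5 / SHA-256 signature over the image before anything is flashed, so an image is rejected no matter which access point served it. The demo key (built from two Mersenne primes so the block runs without a crypto library), the function names and the URL are assumptions made for illustration.

```python
import hashlib

# Constructed demo key: two Mersenne primes, so the example runs offline with
# no crypto library. NOT a secure key; a real signing key stays with the vendor
# and only the public part (N, E) is stored on the device.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
K = (N.bit_length() + 7) // 8  # modulus length in bytes
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def _encode(digest):
    """EMSA-PKCS1-v1_5 encoding of a SHA-256 digest for a K-byte modulus."""
    t = SHA256_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign_for_demo(image):
    """Build-server side (hypothetical helper), only here to make test input."""
    d = pow(E, -1, (P - 1) * (Q - 1))
    m = int.from_bytes(_encode(hashlib.sha256(image).digest()), "big")
    return pow(m, d, N).to_bytes(K, "big")


def accept_update(url, image, signature):
    """Device-side gate (hypothetical): (ok, reason) decided before flashing."""
    if not url.startswith("https://"):
        return False, "cleartext transport"
    if len(signature) != K:
        return False, "bad signature length"
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False, "bad signature"
    # Re-encode the expected block and compare it whole instead of parsing
    # the recovered padding; lenient parsing is how forged signatures pass.
    recovered = pow(s, E, N).to_bytes(K, "big")
    if recovered != _encode(hashlib.sha256(image).digest()):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    fw = b"constructed firmware image"
    print(accept_update("https://updates.example.invalid/fw.bin", fw, sign_for_demo(fw)))
    print(accept_update("http://192.0.2.1/fw.bin", fw, sign_for_demo(fw)))
```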

Weakness Enumeration

Using Hardcoded Credentials

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2025-65855

Affected Products

Helpflash Iot