CVE-2025-22961

Name of the Vulnerable Software and Affected Versions: GatesAir Maxiva UAXT, VAXT transmitters (affected versions not specified)

Description: A critical information disclosure issue exists in the web-based management interface due to Incorrect Access Control. Unauthenticated attackers can access sensitive database backup files, such as snapshot users.db, via publicly exposed URLs, including "/logs/devcfg/snapshot/" and "/logs/devcfg/user/". This allows retrieval of sensitive user data, including login credentials, potentially leading to full system compromise.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.