PT-2025-9044 · Bosscomm · Bosscomm If740 System+1
Published
2025-02-27
·
Updated
2025-03-01
·
CVE-2025-25728
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Bosscomm IF740 Firmware versions 11001.7078 through 11001.0000
Bosscomm IF740 System versions 6.25 through 6.00
Description
The issue allows attackers to access sensitive information via a man-in-the-middle attack because communications to the update API are sent in plaintext.
Recommendations
For Bosscomm IF740 Firmware versions 11001.7078 through 11001.0000, consider restricting access to the update API until a secure communication method is implemented.
For Bosscomm IF740 System versions 6.25 through 6.00, restrict access to the update API until a secure communication method is implemented.
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bosscomm If740 Firmware
Bosscomm If740 System