PT-2026-1439 · Njhyst · Njhyst Hy511 Poe Plugins+1
Published: 2026-01-06 · Updated: 2026-01-06
CVE-2025-65212
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
NJHYST HY511 POE core versions prior to 2.1
NJHYST HY511 POE plugins versions prior to 0.1
Description
The device does not sufficiently verify cookies, so an attacker can request the configuration file address directly and download the core configuration file without authenticating to the device management backend. From the core configuration file, the attacker can extract the username and a self-decrypted MD5 password, then log in to the backend directly, bypassing the standard login process.
Recommendations
Versions prior to 2.1 of NJHYST HY511 POE core should be updated.
Versions prior to 0.1 of NJHYST HY511 POE plugins should be updated.
Exploit
Fix
Affected Products
Njhyst Hy511 Poe Core
Njhyst Hy511 Poe Plugins