PT-2026-40798 · Garmin · Empirbus Wireless Display Unit Firmware
Published: 2026-05-13 · Updated: 2026-06-02
CVE-2025-27853
CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Garmin WDU version 1.4.6
Garmin WDU version 5.0
Description
The locally served web site allows authentication to be bypassed because authentication is performed only within the client's browser. The WebSockets used for communication with the server do not enforce authentication, so an attacker can bypass the security mechanisms by directly using the remote APIs available on the WebSocket.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Empirbus Wireless Display Unit Firmware