CWE-256
Plaintext Storage of a Password
The product stores a password in plaintext within resources such as memory or files.
CVE-2024-53292 (GCVE-0-2024-53292)
Vulnerability from cvelistv5 – Published: 2024-12-11 07:55 – Updated: 2024-12-11 15:09
VLAI
Summary
Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00025896… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Dell VxRail HCI |
Affected:
N/A , < x.40.405
(semver)
|
Date Public
2024-12-10 18:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T15:09:16.727089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T15:09:35.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell VxRail HCI",
"vendor": "Dell",
"versions": [
{
"lessThan": "x.40.405",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-12-10T18:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account."
}
],
"value": "Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T07:55:24.383Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000258964/dsa-2024-492-security-update-dell-vxverify-on-vxrail-plaintext-password-storage-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-53292",
"datePublished": "2024-12-11T07:55:24.383Z",
"dateReserved": "2024-11-20T06:05:04.566Z",
"dateUpdated": "2024-12-11T15:09:35.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5960 (GCVE-0-2024-5960)
Vulnerability from cvelistv5 – Published: 2024-09-18 14:49 – Updated: 2026-06-03 12:50
VLAI
Title
Plaintext Storage of a Password in Eliz Software's Panel
Summary
Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials.
This issue affects Panel: before v2.3.24.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-24-1497 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Eliz Software | Panel |
Affected:
0 , < v2.3.24
(custom)
|
|
| eliz_software | panel |
Affected:
0 , < v2.3.24
(custom)
cpe:2.3:a:eliz_software:panel:*:*:*:*:*:*:*:* |
Date Public
2024-09-18 08:53
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eliz_software:panel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "panel",
"vendor": "eliz_software",
"versions": [
{
"lessThan": "v2.3.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T14:08:19.459859Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T14:08:24.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Panel",
"vendor": "Eliz Software",
"versions": [
{
"lessThan": "v2.3.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Serhat YAPICI"
}
],
"datePublic": "2024-09-18T08:53:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials.\u003cp\u003eThis issue affects Panel: before v2.3.24.\u003c/p\u003e"
}
],
"value": "Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials.\n\nThis issue affects Panel: before v2.3.24."
}
],
"impacts": [
{
"capecId": "CAPEC-560",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-560 Use of Known Domain Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T12:50:33.033Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-24-1497"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1497"
}
],
"source": {
"advisory": "TR-24-1497",
"defect": [
"TR-24-1497"
],
"discovery": "UNKNOWN"
},
"title": "Plaintext Storage of a Password in Eliz Software\u0027s Panel",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2024-5960",
"datePublished": "2024-09-18T14:49:32.180Z",
"dateReserved": "2024-06-13T07:52:35.830Z",
"dateUpdated": "2026-06-03T12:50:33.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-6118 (GCVE-0-2024-6118)
Vulnerability from cvelistv5 – Published: 2024-08-05 04:21 – Updated: 2024-08-05 14:34
VLAI
Title
Hamastar MeetingHub Paperless Meetings - Plaintext Storage of a Password
Summary
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://zuso.ai/advisory/za-2024-03 | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hamastar Technology | MeetingHub Paperless Meetings |
Affected:
2021
(custom)
|
|
| hamastar | meetinghub_paperless_meetings |
Affected:
2021
cpe:2.3:a:hamastar:meetinghub_paperless_meetings:2021:*:*:*:*:*:*:* |
Date Public
2024-08-05 04:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hamastar:meetinghub_paperless_meetings:2021:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "meetinghub_paperless_meetings",
"vendor": "hamastar",
"versions": [
{
"status": "affected",
"version": "2021"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T14:33:06.565028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T14:34:57.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MeetingHub Paperless Meetings",
"vendor": "Hamastar Technology",
"versions": [
{
"status": "affected",
"version": "2021",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-08-05T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users\u2019 credentials and gain access to the product via an XML file.\u003c/span\u003e"
}
],
"value": "A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users\u2019 credentials and gain access to the product via an XML file."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:23.711Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://zuso.ai/advisory/za-2024-03"
}
],
"source": {
"defect": [
"ZA-2024-03"
],
"discovery": "EXTERNAL"
},
"title": "Hamastar MeetingHub Paperless Meetings - Plaintext Storage of a Password",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2024-6118",
"datePublished": "2024-08-05T04:21:23.711Z",
"dateReserved": "2024-06-18T06:34:22.212Z",
"dateUpdated": "2024-08-05T14:34:57.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9418 (GCVE-0-2024-9418)
Vulnerability from cvelistv5 – Published: 2025-03-20 10:09 – Updated: 2025-10-15 12:50
VLAI
Title
Insufficiently Protected Credentials in transformeroptimus/superagi
Summary
In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-256 - Unprotected Storage of Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| transformeroptimus | transformeroptimus/superagi |
Affected:
unspecified , ≤ latest
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9418",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T17:51:18.606256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:56:02.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "transformeroptimus/superagi",
"vendor": "transformeroptimus",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns the user\u0027s password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Unprotected Storage of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T12:50:46.781Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/9a8118a2-ea32-41f5-b501-fef4f31d8213"
}
],
"source": {
"advisory": "9a8118a2-ea32-41f5-b501-fef4f31d8213",
"discovery": "EXTERNAL"
},
"title": "Insufficiently Protected Credentials in transformeroptimus/superagi"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-9418",
"datePublished": "2025-03-20T10:09:21.583Z",
"dateReserved": "2024-10-01T19:08:42.452Z",
"dateUpdated": "2025-10-15T12:50:46.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0936 (GCVE-0-2025-0936)
Vulnerability from cvelistv5 – Published: 2025-05-07 22:52 – Updated: 2025-05-08 13:02
VLAI
Title
On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly
Summary
On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers (i.e. TACACS, RADIUS, etc).
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.33.0 , ≤ 4.33.1
(custom)
Affected: 4.32.0 , ≤ 4.32.3M (custom) Affected: 4.31.0 , ≤ 4.31.5M (custom) Affected: 4.30.1F , ≤ 4.30.9M (custom) |
Date Public
2025-05-06 15:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0936",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T13:01:59.603974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T13:02:27.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21394-security-advisory-0117"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.33.1",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.3M",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.5M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.9M",
"status": "affected",
"version": "4.30.1F",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-0936, one or both of the following conditions must be met:\u003c/p\u003e\u003cul\u003e\u003cli\u003eOpenConfig must be enabled with a gNOI server with accounting enabled \u003c/li\u003e\u003cli\u003eOpenConfig must be enabled with a gNOI server with tracing enabled which includes any of:\u003cbr\u003e\u003cul\u003e\u003cli\u003eservice/9\u003c/li\u003e\u003cli\u003einterceptor/9 \u003c/li\u003e\u003cli\u003etransport_socketcli/9 \u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf OpenConfig is enabled with a gNOI server with accounting enabled, this will be shown in the following CLI output:\u003c/p\u003e\u003cpre\u003eswitch(config)#show management api gnmi\nTransport: default\nEnabled: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eyes\u003c/span\u003e\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eyes\u003c/span\u003e\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf OpenConfig is not configured or OpenConfig is configured with no gNOI server, then there is no exposure to this issue and the message will look like.\u003c/p\u003e\u003cpre\u003eswitch(config)#show management api gnmi\nEnabled: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eno transports enabled\u003c/span\u003e\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eTo see the tracing enabled for OpenConfig, run:\u003c/p\u003e\u003cpre\u003eswitch(config)#show running-config section trace | grep OpenConfig\ntrace OpenConfig setting \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eservice/9,interceptor/9,transport_socketcli/9\u003c/span\u003e\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eNote: gRPC-based streaming via TerminAttr to CloudVision is not affected by this vulnerability.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-0936, one or both of the following conditions must be met:\n\n * OpenConfig must be enabled with a gNOI server with accounting enabled \n * OpenConfig must be enabled with a gNOI server with tracing enabled which includes any of:\n * service/9\n * interceptor/9 \n * transport_socketcli/9 \n\n\n\n\n\nIf OpenConfig is enabled with a gNOI server with accounting enabled, this will be shown in the following CLI output:\n\nswitch(config)#show management api gnmi\nTransport: default\nEnabled: yes\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: yes\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\n\n\u00a0\n\nIf OpenConfig is not configured or OpenConfig is configured with no gNOI server, then there is no exposure to this issue and the message will look like.\n\nswitch(config)#show management api gnmi\nEnabled: no transports enabled\n\n\n\u00a0\n\nTo see the tracing enabled for OpenConfig, run:\n\nswitch(config)#show running-config section trace | grep OpenConfig\ntrace OpenConfig setting service/9,interceptor/9,transport_socketcli/9\n\n\n\u00a0\n\nNote: gRPC-based streaming via TerminAttr to CloudVision is not affected by this vulnerability."
}
],
"datePublic": "2025-05-06T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers (i.e. TACACS, RADIUS, etc).\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers (i.e. TACACS, RADIUS, etc)."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T22:52:25.444Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21394-security-advisory-0117"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2025-0936 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.30.10M and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.31.7M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.32.5M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.33.2F and later releases\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-0936 has been fixed in the following releases:\n\n * 4.30.10M and later releases in the 4.30.x train\n * 4.31.7M and later releases in the 4.31.x train\n * 4.32.5M and later releases in the 4.32.x train\n * 4.33.2F and later releases"
}
],
"source": {
"defect": [
"BUG 1045796"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are a number of possible workarounds:\u003c/p\u003e\u003ch4\u003eOption 1 - disable accounting/logging for the OpenConfig transport\u003c/h4\u003e\u003cp\u003eFor example to disable accounting for transport named \u201cdefault\u201d:\u003c/p\u003e\u003cpre\u003eswitch(config)#management api gnmi\nswitch(config-mgmt-api-gnmi)#transport grpc default\nswitch(config-gnmi-transport-default)#\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eno accounting requests\u003c/span\u003e\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eto disable logging for the OpenConfig agent, run:\u003c/p\u003e\u003cpre\u003eswitch(config)#no trace OpenConfig setting\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003ch4\u003eOption 2 - disable the gNOI File service entirely\u003c/h4\u003e\u003cp\u003eTo disable the gNOI File service, override the OCGNOIFileToggle, then restart OpenConfig to load the changes\u003c/p\u003e\u003cpre\u003eswitch#bash timeout 100 echo \"OCGNOIFileToggle=0\" \u0026gt;\u0026gt; /mnt/flash/toggle_override\nswitch#agent OpenConfig terminate \n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eDisabling the gNOI File service will mean that gNOI clients will no longer be able to call any gNOI File RPCs\u003c/p\u003e\u003ch4\u003eOption 3 - block the TransferToRemote RPC using gNSI Authz\u003c/h4\u003e\u003cp\u003eFor releases with gNSI Authz (EOS 4.31.0F and later releases), the TransferToRemote RPC can be blocked using gNSI Authz.\u003c/p\u003e\u003cp\u003eFirst enable gNSI Authz service by adding the following config:\u003c/p\u003e\u003cpre\u003eswitch(config)#management api gnsi\nswitch(config-mgmt-api-gnsi)#service authz\n\u003c/pre\u003e\u003cp\u003eWhere [NAME] is the name of the running gNMI transport\u003c/p\u003e\u003cp\u003eAdding this config will cause the named gNMI transport to reload.\u003c/p\u003e\u003cp\u003eNext update the authz policy to block access to the TransferToRemote RPC. This can be done directly on the system by updating the Authz policy file and waiting at least 10 seconds for OpenConfig to reload the changes:\u003c/p\u003e\u003cpre\u003eswitch#bash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI TransferToRemote policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-one-can-use-gnoi-transfer-to-remote\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.file.File/TransferToRemote\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026amp;\u0026amp; sleep 11\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eThis will cause attempts to run the TransferToRemote RPC to fail with a \u201cPermissionDenied\u201d error code.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "There are a number of possible workarounds:\n\nOption 1 - disable accounting/logging for the OpenConfig transportFor example to disable accounting for transport named \u201cdefault\u201d:\n\nswitch(config)#management api gnmi\nswitch(config-mgmt-api-gnmi)#transport grpc default\nswitch(config-gnmi-transport-default)#no accounting requests\n\n\n\u00a0\n\nto disable logging for the OpenConfig agent, run:\n\nswitch(config)#no trace OpenConfig setting\n\n\n\u00a0\n\nOption 2 - disable the gNOI File service entirelyTo disable the gNOI File service, override the OCGNOIFileToggle, then restart OpenConfig to load the changes\n\nswitch#bash timeout 100 echo \"OCGNOIFileToggle=0\" \u003e\u003e /mnt/flash/toggle_override\nswitch#agent OpenConfig terminate \n\n\n\u00a0\n\nDisabling the gNOI File service will mean that gNOI clients will no longer be able to call any gNOI File RPCs\n\nOption 3 - block the TransferToRemote RPC using gNSI AuthzFor releases with gNSI Authz (EOS 4.31.0F and later releases), the TransferToRemote RPC can be blocked using gNSI Authz.\n\nFirst enable gNSI Authz service by adding the following config:\n\nswitch(config)#management api gnsi\nswitch(config-mgmt-api-gnsi)#service authz\n\n\nWhere [NAME] is the name of the running gNMI transport\n\nAdding this config will cause the named gNMI transport to reload.\n\nNext update the authz policy to block access to the TransferToRemote RPC. This can be done directly on the system by updating the Authz policy file and waiting at least 10 seconds for OpenConfig to reload the changes:\n\nswitch#bash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI TransferToRemote policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-one-can-use-gnoi-transfer-to-remote\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.file.File/TransferToRemote\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026\u0026 sleep 11\n\n\n\u00a0\n\nThis will cause attempts to run the TransferToRemote RPC to fail with a \u201cPermissionDenied\u201d error code."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-0936",
"datePublished": "2025-05-07T22:52:25.444Z",
"dateReserved": "2025-01-31T17:18:43.715Z",
"dateUpdated": "2025-05-08T13:02:27.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11193 (GCVE-0-2025-11193)
Vulnerability from cvelistv5 – Published: 2025-11-03 21:40 – Updated: 2025-11-03 21:47
VLAI
Summary
A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
1 reference
Impacted products
19 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Tab M11 TB330FU TB330XU |
Affected:
0 , < TB330FU_ROW_OPEN_USER_V5_V_ZUI_17.0.274_ST_251011
(custom)
Affected: 0 , < TB330XU_ROW_OPEN_USER_V5_V_ZUI_17.0.235_ST_251011 (custom) |
|
| Lenovo | Tab K11 TB330FU TB330FUP TB330XU TB330XUP |
Affected:
0 , < TB330FU_ROW_OPEN_USER_V5_V_ZUI_17.0.274_ST_251011
(custom)
Affected: 0 , < TB330XU_ROW_OPEN_USER_V5_V_ZUI_17.0.235_ST_251011 (custom) |
|
| Lenovo | Idea Tab Pro TB373FU |
Affected:
0 , < 17.0.04.184
(custom)
|
|
| Lenovo | Tab WiFi 5G |
Affected:
0 , < 17.0.10.457
(custom)
|
|
| Lenovo | Tab K9 TB305FU |
Affected:
0 , < 17.0.10.069
(custom)
|
|
| Lenovo | Tab K9 TB305XU |
Affected:
0 , < 17.0.10.065
(custom)
|
|
| Lenovo | Tab Plus TB520FU |
Affected:
0 , < 17.0.12.203
(custom)
|
|
| Lenovo | Tab M8 4th Gen 2024 TB301FU TB301XU |
Affected:
0 , < TB300FU_USR_S101112_250919_MP1V1111_ROW
(custom)
Affected: 0 , < TB300XU_USR_S101103_250919_MP1V1111_ROW (custom) |
|
| Lenovo | Tab Extreme TB570ZU TB570FU |
Affected:
0 , < 17.0.104
(custom)
|
|
| Lenovo | Tab M10 5G TB360ZU |
Affected:
0 , < 16.0.783
(custom)
|
|
| Lenovo | Tab M8 4th Gen TB300FU TB300XU |
Affected:
0 , < TB300FU_USR_S101112_250919_MP1V1111_ROW
(custom)
Affected: 0 , < TB300XU_USR_S101103_250919_MP1V1111_ROW (custom) |
|
| Lenovo | Tab M9 TB310FU TB310XU |
Affected:
0 , < TB310FU_USR_S000912_2510022135_mp1V969_ROW
(custom)
Affected: 0 , < TB310XU_USR_S000913_2510021921_mp1V969_ROW (custom) |
|
| Lenovo | Tab P11 2nd Gen TB350XU TB350FU |
Affected:
0 , < TB350XU_USER_S230920_2508120308_MP_ROW
(custom)
Affected: 0 , < TB350FU_USER_S230917_2508090248_MP_ROW (custom) |
|
| Lenovo | Tab P12 TB370FU TB372FU |
Affected:
0 , < TB370FU_ROW_OPEN_USER_V5_V_ZUI_17.0.187_ST_250817
(custom)
Affected: 0 , < TB372FC_ROW_OPEN_USER_V5_V_ZUI_17.0.116_ST_250822 (custom) |
|
| Lenovo | Tab WIFI |
Affected:
0 , < 17.0.30.303
(custom)
|
|
| Lenovo | Tab K11 Plus LTE TB352FU TB352XU |
Affected:
0 , < 17.0.10.213
(custom)
|
|
| Lenovo | Tab K11 Plus WIFI TB352FU |
Affected:
0 , < 17.0.10.213
(custom)
|
|
| Lenovo | Yoga Tab Plus TB520FU |
Affected:
0 , < 17.5.10.035
(custom)
|
|
| Lenovo | Tab One TB305FUXU |
Affected:
0 , < 17.0.10.107
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-03T21:47:43.211390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T21:47:52.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tab M11 TB330FU TB330XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB330FU_ROW_OPEN_USER_V5_V_ZUI_17.0.274_ST_251011",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TB330XU_ROW_OPEN_USER_V5_V_ZUI_17.0.235_ST_251011",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K11 TB330FU TB330FUP TB330XU TB330XUP",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB330FU_ROW_OPEN_USER_V5_V_ZUI_17.0.274_ST_251011",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TB330XU_ROW_OPEN_USER_V5_V_ZUI_17.0.235_ST_251011",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Idea Tab Pro TB373FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.04.184",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab WiFi 5G",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.10.457",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K9 TB305FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.10.069",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K9 TB305XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.10.065",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab Plus TB520FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.12.203",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab M8 4th Gen 2024 TB301FU TB301XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB300FU_USR_S101112_250919_MP1V1111_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TB300XU_USR_S101103_250919_MP1V1111_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab Extreme TB570ZU TB570FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.104",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab M10 5G TB360ZU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "16.0.783",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab M8 4th Gen TB300FU TB300XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB300FU_USR_S101112_250919_MP1V1111_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TB300XU_USR_S101103_250919_MP1V1111_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab M9 TB310FU TB310XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB310FU_USR_S000912_2510022135_mp1V969_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TB310XU_USR_S000913_2510021921_mp1V969_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab P11 2nd Gen TB350XU TB350FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB350XU_USER_S230920_2508120308_MP_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TB350FU_USER_S230917_2508090248_MP_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab P12 TB370FU TB372FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB370FU_ROW_OPEN_USER_V5_V_ZUI_17.0.187_ST_250817",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TB372FC_ROW_OPEN_USER_V5_V_ZUI_17.0.116_ST_250822",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab WIFI",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.30.303",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K11 Plus LTE TB352FU TB352XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.10.213",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K11 Plus WIFI TB352FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.10.213",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Yoga Tab Plus TB520FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.5.10.035",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab One TB305FUXU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.10.107",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_m11_tb330fu_tb330xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb330fu_row_open_user_v5_v_zui_17.0.274_st_251011",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:tab_m11_tb330fu_tb330xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb330xu_row_open_user_v5_v_zui_17.0.235_st_251011",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_k11_tb330fu_tb330fup_tb330xu_tb330xup:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb330fu_row_open_user_v5_v_zui_17.0.274_st_251011",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:tab_k11_tb330fu_tb330fup_tb330xu_tb330xup:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb330xu_row_open_user_v5_v_zui_17.0.235_st_251011",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:idea_tab_pro_tb373fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.04.184",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_wifi_5g:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.10.457",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_k9_tb305fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.10.069",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_k9_tb305xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.10.065",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_plus_tb520fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.12.203",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_m8_4th_gen_2024_tb301fu_tb301xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb300fu_usr_s101112_250919_mp1v1111_row",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:tab_m8_4th_gen_2024_tb301fu_tb301xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb300xu_usr_s101103_250919_mp1v1111_row",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_extreme_tb570zu_tb570fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.104",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_m10_5g_tb360zu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.783",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_m8_4th_gen_tb300fu_tb300xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb300fu_usr_s101112_250919_mp1v1111_row",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:tab_m8_4th_gen_tb300fu_tb300xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb300xu_usr_s101103_250919_mp1v1111_row",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_m9_tb310fu_tb310xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb310fu_usr_s000912_2510022135_mp1v969_row",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:tab_m9_tb310fu_tb310xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb310xu_usr_s000913_2510021921_mp1v969_row",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_p11_2nd_gen_tb350xu_tb350fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb350xu_user_s230920_2508120308_mp_row",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:tab_p11_2nd_gen_tb350xu_tb350fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb350fu_user_s230917_2508090248_mp_row",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_p12_tb370fu_tb372fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb370fu_row_open_user_v5_v_zui_17.0.187_st_250817",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:tab_p12_tb370fu_tb372fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb372fc_row_open_user_v5_v_zui_17.0.116_st_250822",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_wifi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.30.303",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_k11_plus_lte_tb352fu_tb352xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.10.213",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_k11_plus_wifi_tb352fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.10.213",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:yoga_tab_plus_tb520fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.5.10.035",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_one_tb305fuxu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.10.107",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Tim Schumacher for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information.\u003c/span\u003e"
}
],
"value": "A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T21:40:32.038Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-202383"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate to the version (or newer) indicated for your model in the Product Impact section in the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-202383\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-202383\u003c/a\u003e\u003c/p\u003e\u003cp\u003eSee details on updating your Lenovo Android device \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://pcsupport.lenovo.com/us/en/solutions/ht117027\"\u003ehere\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "Update to the version (or newer) indicated for your model in the Product Impact section in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-202383 \n\nSee details on updating your Lenovo Android device here https://pcsupport.lenovo.com/us/en/solutions/ht117027 ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-11193",
"datePublished": "2025-11-03T21:40:32.038Z",
"dateReserved": "2025-09-30T16:21:23.339Z",
"dateUpdated": "2025-11-03T21:47:52.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12680 (GCVE-0-2025-12680)
Vulnerability from cvelistv5 – Published: 2026-02-02 20:50 – Updated: 2026-02-03 15:35
VLAI
Title
Brocade SANnav DataBase plaintext password is logged in failover logs (CVE-2025-12680)
Summary
Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the database password.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T15:34:36.683547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T15:35:13.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SANnav",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "before Brocade SANnav 2.4.0b"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eBrocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the database password. \u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the database password."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T02:01:06.938Z",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36844"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Brocade SANnav DataBase plaintext password is logged in failover logs (CVE-2025-12680)",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2025-12680",
"datePublished": "2026-02-02T20:50:29.756Z",
"dateReserved": "2025-11-03T23:43:51.547Z",
"dateUpdated": "2026-02-03T15:35:13.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13187 (GCVE-0-2025-13187)
Vulnerability from cvelistv5 – Published: 2025-11-14 22:02 – Updated: 2025-11-17 20:42
VLAI
Title
Intelbras ICIP acessodeusuario.xml credentials storage
Summary
A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.332475 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.332475 | signaturepermissions-required |
| https://vuldb.com/?submit.685522 | third-party-advisory |
| https://www.notion.so/eldruin/Intelbras-ICIP-Plai… | exploit |
| https://www.notion.so/eldruin/Intelbras-ICIP-Plai… | exploit |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13187",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T20:42:22.593105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T20:42:25.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/eldruin/Intelbras-ICIP-Plaintext-Admin-Credentials-Disclosure-CVE-2025-13187-29b27474cccb80ff943ff2776d03d7cd"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ICIP",
"vendor": "Intelbras",
"versions": [
{
"status": "affected",
"version": "2.0.20"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "eldruin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The attack may be launched remotely. The exploit has been disclosed publicly and may be used."
},
{
"lang": "de",
"value": "In Intelbras ICIP 2.0.20 ist eine Schwachstelle entdeckt worden. Betroffen ist eine unbekannte Funktion der Datei /xml/sistema/acessodeusuario.xml. Durch die Manipulation des Arguments NomeUsuario/SenhaAcess mit unbekannten Daten kann eine unprotected storage of credentials-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "Unprotected Storage of Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-255",
"description": "Credentials Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T22:02:06.229Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-332475 | Intelbras ICIP acessodeusuario.xml credentials storage",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.332475"
},
{
"name": "VDB-332475 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.332475"
},
{
"name": "Submit #685522 | Intelbras ICIP 2.0.20 Unprotected Storage of Credentials",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.685522"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/eldruin/Intelbras-ICIP-Plaintext-Admin-Credentials-Disclosure-29b27474cccb80ff943ff2776d03d7cd"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-14T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-14T14:08:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "Intelbras ICIP acessodeusuario.xml credentials storage"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13187",
"datePublished": "2025-11-14T22:02:06.229Z",
"dateReserved": "2025-11-14T13:02:51.954Z",
"dateUpdated": "2025-11-17T20:42:25.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13221 (GCVE-0-2025-13221)
Vulnerability from cvelistv5 – Published: 2025-11-15 19:32 – Updated: 2026-01-07 16:53
VLAI
Title
Intelbras UnniTI usuarios.xml credentials storage
Summary
A weakness has been identified in Intelbras UnniTI 24.07.11. The affected element is an unknown function of the file /xml/sistema/usuarios.xml. Executing manipulation of the argument Usuario/Senha can lead to unprotected storage of credentials. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.332537 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.332537 | signaturepermissions-required |
| https://vuldb.com/?submit.685825 | third-party-advisory |
| https://www.notion.so/eldruin/Intelbras-UnniTI-Pl… | exploit |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13221",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T16:53:06.187300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T16:53:16.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UnniTI",
"vendor": "Intelbras",
"versions": [
{
"status": "affected",
"version": "24.07.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "eldruin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Intelbras UnniTI 24.07.11. The affected element is an unknown function of the file /xml/sistema/usuarios.xml. Executing manipulation of the argument Usuario/Senha can lead to unprotected storage of credentials. The attack can be executed remotely. The exploit has been made available to the public and could be exploited."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Intelbras UnniTI 24.07.11 entdeckt. Davon betroffen ist unbekannter Code der Datei /xml/sistema/usuarios.xml. Durch das Beeinflussen des Arguments Usuario/Senha mit unbekannten Daten kann eine unprotected storage of credentials-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "Unprotected Storage of Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-255",
"description": "Credentials Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-15T19:32:05.663Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-332537 | Intelbras UnniTI usuarios.xml credentials storage",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.332537"
},
{
"name": "VDB-332537 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.332537"
},
{
"name": "Submit #685825 | Intelbras UnniTI 24.07.11 Unprotected Storage of Credentials",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.685825"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/eldruin/Intelbras-UnniTI-Plaintext-Admin-Credentials-Disclosure-29c27474cccb8008b2d7ea60affdf86e?source=copy_link"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-14T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-14T22:19:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "Intelbras UnniTI usuarios.xml credentials storage"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13221",
"datePublished": "2025-11-15T19:32:05.663Z",
"dateReserved": "2025-11-14T21:14:33.763Z",
"dateUpdated": "2026-01-07T16:53:16.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14183 (GCVE-0-2025-14183)
Vulnerability from cvelistv5 – Published: 2025-12-07 03:02 – Updated: 2025-12-08 17:13
VLAI
Title
SGAI Space1 NAS N1211DS gsaiagent JSONAPI GET_USER_INFO credentials storage
Summary
A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.334603 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.334603 | signaturepermissions-required |
| https://vuldb.com/?submit.698566 | third-party-advisory |
| https://vuldb.com/?submit.698567 | third-party-advisory |
| https://www.notion.so/2b16cf4e528a8000b30bd543247fa1bd | related |
| https://www.notion.so/2b16cf4e528a80859264db63f2340d7a | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SGAI | Space1 NAS N1211DS |
Affected:
1.0.915
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T17:03:40.371609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T17:13:15.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"gsaiagent"
],
"product": "Space1 NAS N1211DS",
"vendor": "SGAI",
"versions": [
{
"status": "affected",
"version": "1.0.915"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "renguangyue (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "Unprotected Storage of Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-255",
"description": "Credentials Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-07T03:02:05.975Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-334603 | SGAI Space1 NAS N1211DS gsaiagent JSONAPI GET_USER_INFO credentials storage",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.334603"
},
{
"name": "VDB-334603 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.334603"
},
{
"name": "Submit #698566 | SGAI N1211DS NAS v1.0.915 Improper Authentication",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.698566"
},
{
"name": "Submit #698567 | SGAI N1211DS NAS v1.0.915 Improper Authentication (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.698567"
},
{
"tags": [
"related"
],
"url": "https://www.notion.so/2b16cf4e528a8000b30bd543247fa1bd"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/2b16cf4e528a80859264db63f2340d7a"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-06T10:07:08.000Z",
"value": "VulDB entry last update"
}
],
"title": "SGAI Space1 NAS N1211DS gsaiagent JSONAPI GET_USER_INFO credentials storage"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14183",
"datePublished": "2025-12-07T03:02:05.975Z",
"dateReserved": "2025-12-06T09:01:49.659Z",
"dateUpdated": "2025-12-08T17:13:15.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- Avoid storing passwords in easily accessible locations.
Mitigation
Phase: Architecture and Design
Description:
- Consider storing cryptographic hashes of passwords as an alternative to storing in plaintext.
Mitigation
Phases:
Description:
- A programmer might attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password because the encoding can be detected and decoded easily.
No CAPEC attack patterns related to this CWE.