Search criteria
13 vulnerabilities
CVE-2025-48464 (GCVE-0-2025-48464)
Vulnerability from cvelistv5 – Published: 2025-10-08 06:50 – Updated: 2025-10-08 17:27
VLAI?
Summary
Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information.
Severity ?
4.7 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DuckDuckGo | DuckDuckGo Browser |
Affected:
5.246.0 and below
|
Credits
Leng Kang Hao
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T17:23:36.909136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T17:27:07.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DuckDuckGo Browser",
"vendor": "DuckDuckGo",
"versions": [
{
"status": "affected",
"version": "5.246.0 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Leng Kang Hao"
}
],
"datePublic": "2025-10-08T06:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim\u2019s Sync account data such as account credentials and email protection information.\n\n\u003cbr\u003e"
}
],
"value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim\u2019s Sync account data such as account credentials and email protection information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T06:50:11.081Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-097/"
},
{
"url": "https://tuxplorer.com/posts/dont-leave-me-outdated/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users of affected product versions are advised to update to DuckDuckGo version 5.247.0 immediately.\n\n\u003cbr\u003e"
}
],
"value": "Users of affected product versions are advised to update to DuckDuckGo version 5.247.0 immediately."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Exposure of Sensitive Information",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-48464",
"datePublished": "2025-10-08T06:50:11.081Z",
"dateReserved": "2025-05-22T09:41:25.401Z",
"dateUpdated": "2025-10-08T17:27:07.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52690 (GCVE-0-2025-52690)
Vulnerability from cvelistv5 – Published: 2025-07-16 06:34 – Updated: 2025-07-16 14:40
VLAI?
Summary
Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point.
Severity ?
8.1 (High)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Alcatel-Lucent | OmniAccess Stellar Products |
Affected:
AP1100 AWOS versions 5.0.2 GA and earlier
Affected: AP1200 AWOS versions 5.0.2 GA and earlier Affected: AP1300 AWOS versions 5.0.2 GA and earlier Affected: AP1400 AWOS versions 5.0.2 GA and earlier Affected: AP1500 AWOS versions 5.0.2 GA and earlier |
Credits
Lam Jun Rong
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52690",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:35:23.553527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:40:53.098Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://jro.sg/CVEs/CVE-2025-52690/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OmniAccess Stellar Products",
"vendor": "Alcatel-Lucent",
"versions": [
{
"status": "affected",
"version": "AP1100 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1200 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1300 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1400 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1500 AWOS versions 5.0.2 GA and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lam Jun Rong"
}
],
"datePublic": "2025-07-16T06:31:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point."
}
],
"value": "Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T06:34:02.704Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"
},
{
"url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"
},
{
"url": "https://jro.sg/CVEs/CVE-2025-52690/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
}
],
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability in the OmniAccess Stellar over UDP Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-52690",
"datePublished": "2025-07-16T06:34:02.704Z",
"dateReserved": "2025-06-19T06:04:41.987Z",
"dateUpdated": "2025-07-16T14:40:53.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52689 (GCVE-0-2025-52689)
Vulnerability from cvelistv5 – Published: 2025-07-16 06:30 – Updated: 2025-07-16 14:40
VLAI?
Summary
Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point.
Severity ?
9.8 (Critical)
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Alcatel-Lucent | OmniAccess Stellar Products |
Affected:
AP1100 AWOS versions 5.0.2 GA and earlier
Affected: AP1200 AWOS versions 5.0.2 GA and earlier Affected: AP1300 AWOS versions 5.0.2 GA and earlier Affected: AP1400 AWOS versions 5.0.2 GA and earlier Affected: AP1500 AWOS versions 5.0.2 GA and earlier |
Credits
Lam Jun Rong
Cao Yitian
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52689",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:35:50.269269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:40:58.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/UltimateHG/CVE-2025-52689-PoC"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OmniAccess Stellar Products",
"vendor": "Alcatel-Lucent",
"versions": [
{
"status": "affected",
"version": "AP1100 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1200 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1300 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1400 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1500 AWOS versions 5.0.2 GA and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lam Jun Rong"
},
{
"lang": "en",
"type": "finder",
"value": "Cao Yitian"
}
],
"datePublic": "2025-07-16T06:26:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point."
}
],
"value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T06:30:11.161Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"
},
{
"url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"
},
{
"url": "https://blog.uhg.sg/article/24.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version.\n\n\u003cbr\u003e"
}
],
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Weak Session ID Check in the OmniAccess Stellar Web Management Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-52689",
"datePublished": "2025-07-16T06:30:11.161Z",
"dateReserved": "2025-06-19T06:04:41.987Z",
"dateUpdated": "2025-07-16T14:40:58.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52688 (GCVE-0-2025-52688)
Vulnerability from cvelistv5 – Published: 2025-07-16 06:23 – Updated: 2025-07-16 14:41
VLAI?
Summary
Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point.
Severity ?
9.8 (Critical)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Alcatel-Lucent | OmniAccess Stellar Products |
Affected:
AP1100 AWOS versions 5.0.2 GA and earlier
Affected: AP1200 AWOS versions 5.0.2 GA and earlier Affected: AP1300 AWOS versions 5.0.2 GA and earlier Affected: AP1400 AWOS versions 5.0.2 GA and earlier Affected: AP1500 AWOS versions 5.0.2 GA and earlier |
Credits
Joel Chang Zhi Kai
Liu Yisen
Cao Wei
Lam Jun Rong
River Koh
Yeo Jun Yi Keith
Hyunseok Yun
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52688",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:37:02.110254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:41:04.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://jro.sg/CVEs/CVE-2025-52688/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OmniAccess Stellar Products",
"vendor": "Alcatel-Lucent",
"versions": [
{
"status": "affected",
"version": "AP1100 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1200 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1300 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1400 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1500 AWOS versions 5.0.2 GA and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joel Chang Zhi Kai"
},
{
"lang": "en",
"type": "finder",
"value": "Liu Yisen"
},
{
"lang": "en",
"type": "finder",
"value": "Cao Wei"
},
{
"lang": "en",
"type": "finder",
"value": "Lam Jun Rong"
},
{
"lang": "en",
"type": "finder",
"value": "River Koh"
},
{
"lang": "en",
"type": "finder",
"value": "Yeo Jun Yi Keith"
},
{
"lang": "en",
"type": "finder",
"value": "Hyunseok Yun"
}
],
"datePublic": "2025-07-16T06:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point."
}
],
"value": "Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T06:23:53.933Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"
},
{
"url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"
},
{
"url": "https://jro.sg/CVEs/CVE-2025-52688/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version.\n\n\u003cbr\u003e"
}
],
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability in the OmniAccess Stellar Web Management Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-52688",
"datePublished": "2025-07-16T06:23:53.933Z",
"dateReserved": "2025-06-19T06:04:41.986Z",
"dateUpdated": "2025-07-16T14:41:04.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52687 (GCVE-0-2025-52687)
Vulnerability from cvelistv5 – Published: 2025-07-16 06:15 – Updated: 2025-07-16 14:41
VLAI?
Summary
Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS).
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Alcatel-Lucent | OmniAccess Stellar |
Affected:
AP1100 AWOS versions 5.0.2 GA and earlier
Affected: AP1200 AWOS versions 5.0.2 GA and earlier Affected: AP1300 AWOS versions 5.0.2 GA and earlier Affected: AP1400 AWOS versions 5.0.2 GA and earlier Affected: AP1500 AWOS versions 5.0.2 GA and earlier |
Credits
Jay Turla
Japz Divino
Jerold Camacho
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:37:22.658130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:41:09.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OmniAccess Stellar",
"vendor": "Alcatel-Lucent",
"versions": [
{
"status": "affected",
"version": "AP1100 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1200 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1300 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1400 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1500 AWOS versions 5.0.2 GA and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jay Turla"
},
{
"lang": "en",
"type": "finder",
"value": "Japz Divino"
},
{
"lang": "en",
"type": "finder",
"value": "Jerold Camacho"
}
],
"datePublic": "2025-07-16T06:07:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS)."
}
],
"value": "Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T06:25:33.489Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"
},
{
"url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version.\n\n\u003cbr\u003e"
}
],
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "JavaScript Injection Vulnerability in the OmniAccess Stellar Web Management Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-52687",
"datePublished": "2025-07-16T06:15:05.328Z",
"dateReserved": "2025-06-19T06:04:41.986Z",
"dateUpdated": "2025-07-16T14:41:09.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48470 (GCVE-0-2025-48470)
Vulnerability from cvelistv5 – Published: 2025-06-24 02:19 – Updated: 2025-06-25 13:01
VLAI?
Summary
Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation.
Severity ?
4.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech Wireless Sensing and Equipment (WISE) |
Affected:
A2.01 B00
|
Credits
Jay Turla
Japz Divino
Jerold Camacho
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:12:22.447926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T13:01:16.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Advantech Wireless Sensing and Equipment (WISE)",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "A2.01 B00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jay Turla"
},
{
"lang": "en",
"type": "finder",
"value": "Japz Divino"
},
{
"lang": "en",
"type": "finder",
"value": "Jerold Camacho"
}
],
"datePublic": "2025-06-24T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users\u2019 browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation."
}
],
"value": "Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users\u2019 browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T02:31:24.592Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration.\n\n\u003cbr\u003e"
}
],
"value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored Cross site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-48470",
"datePublished": "2025-06-24T02:19:33.670Z",
"dateReserved": "2025-05-22T09:41:25.402Z",
"dateUpdated": "2025-06-25T13:01:16.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48469 (GCVE-0-2025-48469)
Vulnerability from cvelistv5 – Published: 2025-06-24 02:17 – Updated: 2025-06-25 12:57
VLAI?
Summary
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege escalation.
Severity ?
9.6 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech Wireless Sensing and Equipment (WISE) |
Affected:
A2.01 B00
|
Credits
Lam Jun Rong
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:13:31.341676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:57:05.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Advantech Wireless Sensing and Equipment (WISE)",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "A2.01 B00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lam Jun Rong"
}
],
"datePublic": "2025-06-24T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege escalation."
}
],
"value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T02:27:44.846Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061/"
},
{
"url": "https://jro.sg/CVEs/CVE-2025-48469/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Firmware Upload",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-48469",
"datePublished": "2025-06-24T02:17:41.939Z",
"dateReserved": "2025-05-22T09:41:25.402Z",
"dateUpdated": "2025-06-25T12:57:05.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48468 (GCVE-0-2025-48468)
Vulnerability from cvelistv5 – Published: 2025-06-24 02:16 – Updated: 2025-06-25 13:30
VLAI?
Summary
Successful exploitation of the vulnerability could allow an attacker that has physical access to interface with JTAG to inject or modify firmware.
Severity ?
6.4 (Medium)
CWE
- CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech Wireless Sensing and Equipment (WISE) |
Affected:
A2.01 B00
|
Credits
Marc Heuse
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:22:48.623146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1191",
"description": "CWE-1191 On-Chip Debug and Test Interface With Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T13:30:04.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Advantech Wireless Sensing and Equipment (WISE)",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "A2.01 B00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marc Heuse"
}
],
"datePublic": "2025-06-24T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an attacker that has physical access to interface with JTAG to inject or modify firmware."
}
],
"value": "Successful exploitation of the vulnerability could allow an attacker that has physical access to interface with JTAG to inject or modify firmware."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T02:42:46.257Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users and administrators of affected products are advised to update to firmware version A2.02 B00.\n\n\u003cbr\u003e"
}
],
"value": "Users and administrators of affected products are advised to update to firmware version A2.02 B00."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Open JTAG Debug Port",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-48468",
"datePublished": "2025-06-24T02:16:21.830Z",
"dateReserved": "2025-05-22T09:41:25.402Z",
"dateUpdated": "2025-06-25T13:30:04.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48467 (GCVE-0-2025-48467)
Vulnerability from cvelistv5 – Published: 2025-06-24 02:14 – Updated: 2025-06-25 13:21
VLAI?
Summary
Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability.
Severity ?
6.5 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech Wireless Sensing and Equipment (WISE) |
Affected:
A2.01 B00
|
Credits
Marc Heuse
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:24:29.015334Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T13:21:55.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Advantech Wireless Sensing and Equipment (WISE)",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "A2.01 B00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marc Heuse"
}
],
"datePublic": "2025-06-24T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability."
}
],
"value": "Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T02:40:53.208Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users and administrators of affected products are advised to update to firmware version A2.02 B00 and disable Modbus TCP if it is not required in their deployment.\n\n\u003cbr\u003e"
}
],
"value": "Users and administrators of affected products are advised to update to firmware version A2.02 B00 and disable Modbus TCP if it is not required in their deployment."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service via Malformed Modbus Packets",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-48467",
"datePublished": "2025-06-24T02:14:44.681Z",
"dateReserved": "2025-05-22T09:41:25.402Z",
"dateUpdated": "2025-06-25T13:21:55.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48466 (GCVE-0-2025-48466)
Vulnerability from cvelistv5 – Published: 2025-06-24 02:12 – Updated: 2025-06-25 12:59
VLAI?
Summary
Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks.
Severity ?
8.1 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech Wireless Sensing and Equipment (WISE) |
Affected:
A2.01 B00
|
Credits
Jay Turla
Japz Divino
Jerold Camacho
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48466",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:25:23.267947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:59:38.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Advantech Wireless Sensing and Equipment (WISE)",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "A2.01 B00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jay Turla"
},
{
"lang": "en",
"type": "finder",
"value": "Japz Divino"
},
{
"lang": "en",
"type": "finder",
"value": "Jerold Camacho"
}
],
"datePublic": "2025-06-24T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks."
}
],
"value": "Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T02:30:12.664Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
},
{
"url": "https://github.com/shipcod3/CVE-2025-48466"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users and administrators of affected products are advised to update to firmware version A2.02 B00 and disable Modbus TCP if it is not required in their deployment.\n\n\u003cbr\u003e"
}
],
"value": "Users and administrators of affected products are advised to update to firmware version A2.02 B00 and disable Modbus TCP if it is not required in their deployment."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Modbus Command Injection without Authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-48466",
"datePublished": "2025-06-24T02:12:41.743Z",
"dateReserved": "2025-05-22T09:41:25.402Z",
"dateUpdated": "2025-06-25T12:59:38.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48463 (GCVE-0-2025-48463)
Vulnerability from cvelistv5 – Published: 2025-06-24 02:10 – Updated: 2025-06-25 13:14
VLAI?
Summary
Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering.
Severity ?
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech Wireless Sensing and Equipment (WISE) |
Affected:
A2.01 B00
|
Credits
Chua Wei Xun
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T16:38:29.629508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T13:14:07.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Advantech Wireless Sensing and Equipment (WISE)",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "A2.01 B00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chua Wei Xun"
}
],
"datePublic": "2025-06-24T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering."
}
],
"value": "Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T02:47:35.905Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration.\n\n\u003cbr\u003e"
}
],
"value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unencrypted HTTP Communication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-48463",
"datePublished": "2025-06-24T02:10:39.085Z",
"dateReserved": "2025-05-22T09:41:25.401Z",
"dateUpdated": "2025-06-25T13:14:07.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48462 (GCVE-0-2025-48462)
Vulnerability from cvelistv5 – Published: 2025-06-24 02:08 – Updated: 2025-06-25 13:25
VLAI?
Summary
Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product.
Severity ?
4.2 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech Wireless Sensing and Equipment (WISE) |
Affected:
A2.01 B00
|
Credits
Marc Heuse
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T16:42:45.283647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T13:25:06.014Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Advantech Wireless Sensing and Equipment (WISE)",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "A2.01 B00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marc Heuse"
}
],
"datePublic": "2025-06-24T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product."
}
],
"value": "Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T02:46:38.973Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration.\n\n\u003cbr\u003e"
}
],
"value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Login Session Exhaustion",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-48462",
"datePublished": "2025-06-24T02:08:58.607Z",
"dateReserved": "2025-05-22T09:41:25.401Z",
"dateUpdated": "2025-06-25T13:25:06.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48461 (GCVE-0-2025-48461)
Vulnerability from cvelistv5 – Published: 2025-06-24 02:02 – Updated: 2025-06-25 13:23
VLAI?
Summary
Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords.
Severity ?
5 (Medium)
CWE
- CWE-341 - Predictable from Observable State
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech Wireless Sensing and Equipment (WISE) |
Affected:
A2.01 B00
|
Credits
Joel Chang Zhi Kai
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T16:45:36.031567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-341",
"description": "CWE-341 Predictable from Observable State",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T13:23:33.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Advantech Wireless Sensing and Equipment (WISE)",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "A2.01 B00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joel Chang Zhi Kai"
}
],
"datePublic": "2025-06-24T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords."
}
],
"value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T02:33:00.989Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration.\n\n\u003cbr\u003e"
}
],
"value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Weak Session Cookie Entropy",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-48461",
"datePublished": "2025-06-24T02:02:08.633Z",
"dateReserved": "2025-05-22T09:41:25.401Z",
"dateUpdated": "2025-06-25T13:23:33.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}