Search criteria
3 vulnerabilities found for revpi_status by kunbus
FKIE_CVE-2025-41646
Vulnerability from fkie_nvd - Published: 2025-06-06 15:15 - Updated: 2025-06-10 19:29
Severity ?
Summary
An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kunbus | revpi_status | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kunbus:revpi_status:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5AB814D-A49E-4331-93F1-112580C10B44",
"versionEndExcluding": "2.4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device"
},
{
"lang": "es",
"value": "Un atacante remoto no autorizado puede eludir la autenticaci\u00f3n del paquete de software afectado mediante el uso indebido de una conversi\u00f3n de tipo incorrecta. Esto conlleva la vulnerabilidad total del dispositivo."
}
],
"id": "CVE-2025-41646",
"lastModified": "2025-06-10T19:29:22.893",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
},
"published": "2025-06-06T15:15:26.183",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Product"
],
"url": "https://psirt.kunbus.com/.well-known/csaf/white/2025/kunbus-2025-0000003.json"
},
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.kunbus.com/en/productsecurity/Kunbus-2025-0000003"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-704"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
}
CVE-2025-41646 (GCVE-0-2025-41646)
Vulnerability from cvelistv5 – Published: 2025-06-06 14:42 – Updated: 2025-06-06 15:06
VLAI?
Title
RevPi Webstatus application is vulnerable to an authentication bypass
Summary
An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device
Severity ?
9.8 (Critical)
CWE
- CWE-704 - Incorrect Type Conversion or Cast
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kunbus | Revolution Pi webstatus |
Affected:
0.0.0 , ≤ 2.4.5
(semver)
|
Credits
Ajay Anto
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-06T15:05:56.484231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T15:06:11.989Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Revolution Pi webstatus",
"vendor": "Kunbus",
"versions": [
{
"lessThanOrEqual": "2.4.5",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ajay Anto"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device"
}
],
"value": "An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704 Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T14:42:31.249Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.kunbus.com/en/productsecurity/Kunbus-2025-0000003"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://psirt.kunbus.com/.well-known/csaf/white/2025/kunbus-2025-0000003.json"
}
],
"source": {
"defect": [
"CERT@VDE#641782"
],
"discovery": "EXTERNAL"
},
"title": "RevPi Webstatus application is vulnerable to an authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41646",
"datePublished": "2025-06-06T14:42:31.249Z",
"dateReserved": "2025-04-16T11:17:48.305Z",
"dateUpdated": "2025-06-06T15:06:11.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41646 (GCVE-0-2025-41646)
Vulnerability from nvd – Published: 2025-06-06 14:42 – Updated: 2025-06-06 15:06
VLAI?
Title
RevPi Webstatus application is vulnerable to an authentication bypass
Summary
An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device
Severity ?
9.8 (Critical)
CWE
- CWE-704 - Incorrect Type Conversion or Cast
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kunbus | Revolution Pi webstatus |
Affected:
0.0.0 , ≤ 2.4.5
(semver)
|
Credits
Ajay Anto
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-06T15:05:56.484231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T15:06:11.989Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Revolution Pi webstatus",
"vendor": "Kunbus",
"versions": [
{
"lessThanOrEqual": "2.4.5",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ajay Anto"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device"
}
],
"value": "An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704 Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T14:42:31.249Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.kunbus.com/en/productsecurity/Kunbus-2025-0000003"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://psirt.kunbus.com/.well-known/csaf/white/2025/kunbus-2025-0000003.json"
}
],
"source": {
"defect": [
"CERT@VDE#641782"
],
"discovery": "EXTERNAL"
},
"title": "RevPi Webstatus application is vulnerable to an authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41646",
"datePublished": "2025-06-06T14:42:31.249Z",
"dateReserved": "2025-04-16T11:17:48.305Z",
"dateUpdated": "2025-06-06T15:06:11.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}