CVE-2025-11155 (GCVE-0-2025-11155)

Vulnerability from cvelistv5 – Published: 2025-09-29 15:14 – Updated: 2025-11-03 12:02
VLAI?
Title
WEAK ENCODING FOR PASSWORD IN DEVICE SERVER CONFIGURATION
Summary
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials.
Severity ?
6.8 (Medium)
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
CWE
  • CWE-261 - Weak Encoding for Password
Assigner
References
Impacted products
Vendor Product Version
SATO S86-ex 203dpi Affected: 61.00.00.09 (Firmware)
Create a notification for this product.
Credits
Víctor Bello Cuevas Aarón Flecha Menéndez Iván Alonso Álvarez
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11155",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-29T15:23:52.052844Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-29T15:48:58.297Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "S86-ex 203dpi",
          "vendor": "SATO",
          "versions": [
            {
              "status": "affected",
              "version": "61.00.00.09",
              "versionType": "Firmware"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "V\u00edctor Bello Cuevas"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Aar\u00f3n Flecha Men\u00e9ndez"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Iv\u00e1n Alonso \u00c1lvarez"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The credentials required to access the device\u0027s web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials."
            }
          ],
          "value": "The credentials required to access the device\u0027s web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37: Retrieve Embedded Sensitive Data"
            }
          ]
        },
        {
          "capecId": "CAPEC-117",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-117: Exploiting Unprotected Storage"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-261",
              "description": "CWE-261: Weak Encoding for Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-03T12:02:51.688Z",
        "orgId": "50b5080a-775f-442e-83b5-926b5ca517b6",
        "shortName": "S21sec"
      },
      "references": [
        {
          "url": "https://www.s21sec.com/cvelist/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "It is recommended to update the device to version\u0026nbsp;\n\n61.00.01.03\n\n\u003cbr\u003e"
            }
          ],
          "value": "It is recommended to update the device to version\u00a0\n\n61.00.01.03"
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsatoamerica.zendesk.com%2Fattachments%2Ftoken%2FrLRv8O2cYIlh18ognpVd3Kz23%2F%3Fname%3DFirmware_Download_Procedure_S84ex_S86ex.pdf\u0026amp;data=05%7C02%7Ccve-coordination%40s21sec.com%7Ca965b77467c04de8ddff08ddfea85958%7C3954031c8b0f4b409c0d3504f88641f5%7C0%7C0%7C638946721357023256%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C\u0026amp;sdata=QSuXeD7kLAH02F0kMEqvCba5zD2FfQ%2FXWuHsTAy1XiA%3D\u0026amp;reserved=0\"\u003ehttps://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsatoamerica.zendesk.com%2Fattachments%2Ftoken%2FrLRv8O2cYIlh18ognpVd3Kz23%2F%3Fname%3DFirmware_Download_Procedure_S84ex_S86ex.pdf\u0026amp;data=05%7C02%7Ccve-coordination%40s21sec.com%7Ca965b77467c04de8ddff08ddfea85958%7C3954031c8b0f4b409c0d3504f88641f5%7C0%7C0%7C638946721357023256%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C\u0026amp;sdata=QSuXeD7kLAH02F0kMEqvCba5zD2FfQ%2FXWuHsTAy1XiA%3D\u0026amp;reserved=0\u003c/a\u003e"
            }
          ],
          "value": "https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsatoamerica.zendesk.com%2Fattachments%2Ftoken%2FrLRv8O2cYIlh18ognpVd3Kz23%2F%3Fname%3DFirmware_Download_Procedure_S84ex_S86ex.pdf\u0026data=05%7C02%7Ccve-coordination%40s21sec.com%7Ca965b77467c04de8ddff08ddfea85958%7C3954031c8b0f4b409c0d3504f88641f5%7C0%7C0%7C638946721357023256%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C\u0026sdata=QSuXeD7kLAH02F0kMEqvCba5zD2FfQ%2FXWuHsTAy1XiA%3D\u0026reserved=0"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "WEAK ENCODING FOR PASSWORD IN DEVICE SERVER CONFIGURATION",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50b5080a-775f-442e-83b5-926b5ca517b6",
    "assignerShortName": "S21sec",
    "cveId": "CVE-2025-11155",
    "datePublished": "2025-09-29T15:14:39.779Z",
    "dateReserved": "2025-09-29T14:16:25.728Z",
    "dateUpdated": "2025-11-03T12:02:51.688Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-11155\",\"sourceIdentifier\":\"50b5080a-775f-442e-83b5-926b5ca517b6\",\"published\":\"2025-09-29T16:15:37.223\",\"lastModified\":\"2025-09-29T19:34:10.030\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The credentials required to access the device\u0027s web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"50b5080a-775f-442e-83b5-926b5ca517b6\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"50b5080a-775f-442e-83b5-926b5ca517b6\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-261\"}]}],\"references\":[{\"url\":\"https://www.s21sec.com/cvelist/\",\"source\":\"50b5080a-775f-442e-83b5-926b5ca517b6\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-11155\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-29T15:23:52.052844Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-29T15:23:54.475Z\"}}], \"cna\": {\"title\": \"WEAK ENCODING FOR PASSWORD IN DEVICE SERVER CONFIGURATION\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"V\\u00edctor Bello Cuevas\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Aar\\u00f3n Flecha Men\\u00e9ndez\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"Iv\\u00e1n Alonso \\u00c1lvarez\"}], \"impacts\": [{\"capecId\": \"CAPEC-37\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-37: Retrieve Embedded Sensitive Data\"}]}, {\"capecId\": \"CAPEC-117\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-117: Exploiting Unprotected Storage\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.8, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SATO\", \"product\": \"S86-ex 203dpi\", \"versions\": [{\"status\": \"affected\", \"version\": \"61.00.00.09\", \"versionType\": \"Firmware\"}], \"defaultStatus\": \"unknown\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"It is recommended to update the device to version\\u00a0\\n\\n61.00.01.03\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"It is recommended to update the device to version\u0026nbsp;\\n\\n61.00.01.03\\n\\n\u003cbr\u003e\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsatoamerica.zendesk.com%2Fattachments%2Ftoken%2FrLRv8O2cYIlh18ognpVd3Kz23%2F%3Fname%3DFirmware_Download_Procedure_S84ex_S86ex.pdf\u0026data=05%7C02%7Ccve-coordination%40s21sec.com%7Ca965b77467c04de8ddff08ddfea85958%7C3954031c8b0f4b409c0d3504f88641f5%7C0%7C0%7C638946721357023256%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C\u0026sdata=QSuXeD7kLAH02F0kMEqvCba5zD2FfQ%2FXWuHsTAy1XiA%3D\u0026reserved=0\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsatoamerica.zendesk.com%2Fattachments%2Ftoken%2FrLRv8O2cYIlh18ognpVd3Kz23%2F%3Fname%3DFirmware_Download_Procedure_S84ex_S86ex.pdf\u0026amp;data=05%7C02%7Ccve-coordination%40s21sec.com%7Ca965b77467c04de8ddff08ddfea85958%7C3954031c8b0f4b409c0d3504f88641f5%7C0%7C0%7C638946721357023256%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C\u0026amp;sdata=QSuXeD7kLAH02F0kMEqvCba5zD2FfQ%2FXWuHsTAy1XiA%3D\u0026amp;reserved=0\\\"\u003ehttps://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsatoamerica.zendesk.com%2Fattachments%2Ftoken%2FrLRv8O2cYIlh18ognpVd3Kz23%2F%3Fname%3DFirmware_Download_Procedure_S84ex_S86ex.pdf\u0026amp;data=05%7C02%7Ccve-coordination%40s21sec.com%7Ca965b77467c04de8ddff08ddfea85958%7C3954031c8b0f4b409c0d3504f88641f5%7C0%7C0%7C638946721357023256%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C\u0026amp;sdata=QSuXeD7kLAH02F0kMEqvCba5zD2FfQ%2FXWuHsTAy1XiA%3D\u0026amp;reserved=0\u003c/a\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.s21sec.com/cvelist/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The credentials required to access the device\u0027s web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The credentials required to access the device\u0027s web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-261\", \"description\": \"CWE-261: Weak Encoding for Password\"}]}], \"providerMetadata\": {\"orgId\": \"50b5080a-775f-442e-83b5-926b5ca517b6\", \"shortName\": \"S21sec\", \"dateUpdated\": \"2025-11-03T12:02:51.688Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-11155\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T12:02:51.688Z\", \"dateReserved\": \"2025-09-29T14:16:25.728Z\", \"assignerOrgId\": \"50b5080a-775f-442e-83b5-926b5ca517b6\", \"datePublished\": \"2025-09-29T15:14:39.779Z\", \"assignerShortName\": \"S21sec\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.