CVE-2018-25236

Critical CVSS: 9.3

Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests. Attackers can exploit improper authentication handling to obtain the authentication status and privileges of a previously authenticated user without providing valid credentials.

Vendor

Product

CWE

CWE-287

Yayın Tarihi

2026-04-03 23:17:00

Güncelleme

2026-04-07 13:20:55

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-287 CRITICAL 2026

Referanslar

https://assets.belden.com/m/52ecadbb5f1b0e04/original/Security-Bulletin-Web-Server-Authentication-Bypass-HiOS-HiSecOS-Hirschmann-BSECV-2018-05.pdf https://www.vulncheck.com/advisories/hirschmann-hios-hisecos-authentication-bypass-via-http-management