CVE-2025-2772

Medium CVSS: 6.5

BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within /cgi-bin/tools_usermanage.asp. The issue results from transmitting a list of users and their credentials to be handled on the client side. An attacker can leverage this vulnerability to disclose transported credentials, leading to further compromise. Was ZDI-CAN-25895.

Vendor

Bectechnologies

Product

Router Firmware

CWE

CWE-522

Yayın Tarihi

2025-04-23 17:16:55

Güncelleme

2025-08-21 00:37:29

Source Identifier

zdi-disclosures@trendmicro.com

KEV Date Added

Kategoriler

CWE-522 Router Firmware MEDIUM Bectechnologies 2025

Referanslar

https://www.zerodayinitiative.com/advisories/ZDI-25-185/

Benzer Kayıtlar

Medium

CVE-2025-2770

BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability. This vulnerability al…

Medium

CVE-2025-2771

BEC Technologies Multiple Routers Authentication Bypass Vulnerability. This vulnerability allows remote attackers to byp…

High

CVE-2025-2773

BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability. This vulnerability all…